Peer to Peer Development
Posted on December 9th, 2008 by miron
GitTorrent (described on Advogato) is a really distributed version control system, based on Git and BitTorrent. It seems to hold the promise of:
- Authentication of changes using public keys (PGP)
- No central web site for a project
- Easy forking of projects
- Package and OS distributions without a central download location
- A distributed mechanism for security and feature updates
The significance of all this is that it:
- levels the playing field for individual developers and small groups
- routes around censorship more effectively
- allows end users to choose different views of the repository based on which developers they trust
H/T: Slashdot
I would suggest a further improvement – multiple signatures on sources and on binaries. This would greatly reduce the chance of Trojan binaries being installed on hundreds of thousands of computers the next time that Canonical/Debian/RedHat distribution points are subverted by a black hat hacker. Binary signatures would require a repeatable transformation from source to binary – by fully specifying the compile tools and compilation environment and using specified values for timestamps.
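A sketch of the repeatable-build and multiple-signature idea above, as an added example that is not GitTorrent code or part of the original post. A packaging step stands in for the compiler, and the names `build`, `accept`, `PINNED_MTIME` and the sample files are assumptions. Signature verification itself is assumed to have happened before the digests are compared.

```python
import gzip, hashlib, io, tarfile

PINNED_MTIME = 1228780800  # constructed value every builder agrees to use

def build(files, mtime=PINNED_MTIME):
    """Package {name: bytes} into a .tar.gz whose bytes depend only on the inputs."""
    raw = io.BytesIO()
    with tarfile.open(fileobj=raw, mode="w", format=tarfile.GNU_FORMAT) as tar:
        for name in sorted(files):              # fixed member order
            info = tarfile.TarInfo(name)
            info.size = len(files[name])
            info.mtime = mtime                  # pinned, never the wall clock
            info.mode, info.uid, info.gid = 0o644, 0, 0
            info.uname = info.gname = ""        # no builder-specific account names
            tar.addfile(info, io.BytesIO(files[name]))
    out = io.BytesIO()
    # The gzip header carries its own timestamp and file name; pin both.
    with gzip.GzipFile(filename="", fileobj=out, mode="wb", mtime=mtime) as gz:
        gz.write(raw.getvalue())
    return out.getvalue()

def digest(blob):
    return hashlib.sha256(blob).hexdigest()

def accept(blob, attestations, threshold):
    """attestations maps builder -> digest that builder signed (signatures
    are assumed to have been verified already, e.g. with PGP)."""
    d = digest(blob)
    return sum(1 for signed in attestations.values() if signed == d) >= threshold

# Constructed sample source tree.
SRC = {"hello.c": b"int main(void){return 0;}\n", "Makefile": b"all:\n\tcc hello.c\n"}

if __name__ == "__main__":
    good = build(SRC)
    signed = {"alice": digest(build(SRC)), "bob": digest(build(dict(reversed(SRC.items()))))}
    drifted = build(SRC, mtime=PINNED_MTIME + 5)      # builder used its own clock
    altered = build({**SRC, "hello.c": b"int main(void){return 1;}\n"})
    print("independent builds match:", signed["alice"] == signed["bob"])
    print("official binary accepted:", accept(good, signed, threshold=2))
    print("clock drift accepted:    ", accept(drifted, signed, threshold=2))
    print("altered binary accepted: ", accept(altered, signed, threshold=2))
```

Byte-identical output also depends on every builder running the same tool versions, which is why the compile tools and environment have to be specified along with the timestamp.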