On Wednesday 11 August 2004 16:40, Damian Menscher wrote:

Hi,

> like Fedora.  It tends to start up really slowly (since it has to find
> peers) and then speed up.  But the speedup doesn't occur until several
> megs have been downloaded.  If we're only sending a 1-meg main.cvd, then
> wouldn't bittorrent lose its advantage to all the overhead of finding
> peers?

IMHO this is a very valid concern.

> With regard to all the other ideas:  Please remember to keep this
> *simple*.  Here's where I, IMHO, think we stand:
>
> Opening a new port on a mailserver so updates can be pushed to it is a
> BAD idea.  As a sysadmin, I would not allow such a thing on my
> production machines.  It creates a huge security risk, since now you
> have one more opening to a remote root vulnerability.

Opening another port is simply no option for any serious enterprise use. There
is simply no way to open another port in the firewall. In addition, I am
confident that IANA will not allow reserving a fixed port number for this
service. After all, port numbers are a limited resource with today's IPv4
networks.

> The idea of DNS sounds really good, but it doesn't appear we can fit all
> the data there.

Yes.

> And putting just a version number there appears to make 
> things worse, since it will just make everyone hit the mirrors at the
> same time. 

This is not really such a big problem, as the DNS is still not a push but a
pull service, and the incoherency of the DNS leads to a smoothing effect.

> If we can somehow distribute signatures that way it would be 
> nice, but it just doesn't seem practical.

I agree with you.

> I'm really starting to like the idea of a mailing list that can have

This is a very bad idea. As someone who is used to running _very_ big mailing
lists I can tell you that the resources to run a _big_ mailing list are 3 or
even 4 orders of magnitude bigger than a simple webserver offering the very
same single file to everyone interested via HTTP GET.

Offering this file, e.g. 1MB, via http get makes it very easy to saturate any
backbone with useful data _without_ the need to handle DNS lookups,
generate an email, try delivery (multiple packages back and forth) and then
finally have about 3-5 percent of the connections be failures -->
retries, ...

Using the very same hw resources (cpu, memory and bandwidth) with http get
allows for much more (think about a factor of 100 or 1000) information to be
spread within a time interval.

Things to think about:
- Effort required to create a mail body
- Overhead of 7bit email encoding
- Effort required to do the email envelope
- Effort for queuing many emails (much copying on the server)
- No caching on the intermediate servers (only proxying)
- Handling bounces etc.
- Doing many DNS lookups

Regards,
-- martin

Dipl.-Phys. Martin Konold

e r f r a k o n
Erlewein, Frank, Konold & Partner - Beratende Ingenieure und Physiker
Nobelstrasse 15, 70569 Stuttgart, Germany
fon: 0711 67400963, fax: 0711 67400959
email: [EMAIL PROTECTED]


_______________________________________________
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users
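
The smoothing effect claimed in the message above for a version number published in DNS can be checked with a small simulation. This is an added example, not part of the original thread; the resolver count, TTL and polling interval are assumed values, and the cache model is deliberately simplified.

```python
import random
from collections import Counter


def discovery_times(n_clients, n_resolvers, ttl, poll_interval, seed=1):
    """Seconds after publication at which each client first sees the new version.

    Assumed model: every client polls a version record through one of
    n_resolvers caching resolvers. Each cached answer was fetched at a random
    earlier moment, so it stays stale for a random remainder of its TTL.
    """
    rng = random.Random(seed)
    # Remaining lifetime of the stale answer in each resolver's cache.
    stale_until = [rng.uniform(0, ttl) for _ in range(n_resolvers)]
    times = []
    for _ in range(n_clients):
        resolver = rng.randrange(n_resolvers)
        t = rng.uniform(0, poll_interval)   # client's first poll after publication
        while t < stale_until[resolver]:    # cache still serves the old version
            t += poll_interval
        times.append(t)
    return times


def peak_per_bucket(times, bucket=60):
    """Largest number of clients that start a download within one time bucket."""
    return max(Counter(int(t // bucket) for t in times).values())


def compare(n_clients=10000, n_resolvers=200, ttl=1800, poll_interval=600):
    """Peak downloads per minute: pull via cached DNS vs. everyone notified at once."""
    pull = discovery_times(n_clients, n_resolvers, ttl, poll_interval)
    push = [0.0] * n_clients                # a push notifies all clients at t=0
    return peak_per_bucket(pull), peak_per_bucket(push)


if __name__ == "__main__":
    pull_peak, push_peak = compare()
    print(f"peak downloads/min  pull via DNS: {pull_peak}   push: {push_peak}")
```

In this model no client learns of the update later than TTL plus one polling interval, so the two values bound both the mirror load peak and the window in which clients still run old signatures.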