[OS X TeX] MacTeX-2008 Status

Adam R. Maxwell amaxwell at mac.com
Thu Sep 4 05:09:36 CEST 2008


On Sep 3, 2008, at 1:50 PM, David Watson wrote:

> On Sep 3, 2008, at 3:21 PM, Adam R. Maxwell wrote:
>
>>
>> On Wednesday, September 03, 2008, at 01:11PM, "Joseph C. Slater PE,  
>> PhD" <joseph.slater at wright.edu> wrote:
>>>
>>> So, while everybody was using bittorrent... did anyone pause to  
>>> think
>>> that, yet, the psu server is public, and you can get mactex there
>>> directly?
>>>
>>> ftp://carroll.aset.psu.edu/pub/CTAN/systems/mac/mactex/
>>
>> Yes, and I found it on the Wisconsin mirror also:
>>
>> http://gentoo.chem.wisc.edu/tex-archive/systems/mac/mactex
>>
>> Using p2p software is a major violation of security policies at  
>> work, so bittorrent wasn't an option.
>
> Just to clarify some misconceptions about p2p and security that some  
> seem to have.
> The use of p2p software to distribute any type of digital  
> information is not inherently insecure.
> In fact, there is nothing more "insecure" about p2p distribution  
> than there is about distribution through traditional (ftp, uucp,  
> http) protocols.
>
> I understand the reasoning behind the policy: people distribute  
> viruses/spyware via p2p, therefore p2p==evil.
> However, one could argue that people distribute the same sorts of  
> things through social engineering by relying on people to click on  
> URLs on webpages.
> So we should also ban using http protocol, and therefore no one  
> should use the world wide web?

Requesting data from an http/ftp/nntp server is a bit different from  
opening up your filesystem to people all over the world, hoping the  
program doesn't have a buffer overflow or a back door that gives  
someone full access (assuming it was configured securely in the first  
place).

> In the end, the only way to know for sure is to use a  
> non-compromised algorithm for non-repudiation and validation of the  
> things we download.

[...]

> I understand your predicament, and I would not violate any set policy.
> I would, however, take a moment to educate the policy makers that,  
> in certain cases, distribution through p2p is a necessary evil and  
> the only real remedy is education and an honor policy.

It's not a predicament at all; I happen to agree with the policy :).   
In the present case of MacTeX, it is not necessary to use p2p, so there's  
no justification for it.  I do agree that being informed is helpful,  
and Wikipedia's page on file sharing has a risks section [1] that  
links to a recent paper [2] on the topic.  As far as I'm concerned,  
the bottom line is that the risk to personal or other sensitive  
information on your system should be carefully weighed before  
installing p2p software.

-- 
Adam

[1] http://en.wikipedia.org/wiki/File_sharing#Risks
[2] http://csdl2.computer.org/comp/proceedings/hicss/2008/3075/00/30750383.pdf


