Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upgrade to Libtorrent 2.0.10 #8042

Closed
RealJosephKnapp opened this issue May 28, 2024 · 2 comments
Closed

Upgrade to Libtorrent 2.0.10 #8042

RealJosephKnapp opened this issue May 28, 2024 · 2 comments
Labels
type: enhancement

Comments

@RealJosephKnapp
Copy link

Is your feature request related to a problem? Please describe.
Yes, Bittorrent version 1 is slowly being phased out and Bittorrent v2 is more secure. As we know libtorrent provides an official python binding to this shouldn't be a problem. An upgrade to Boost 1.85, libevent 2.1.12, OpenSSL 1.1.1w, Zlib 1.3.1 and pyQT 6.7.0 should also be made.
Describe the solution you'd like

All that needs to happen is to update the dependencies, torrent traffic is handled by libtorrent so this shouldn't be much of a problem. Upgrading to LibreSSL 3.9.2 or OpenSSL 3.3.0 should also be considered providing the libtorrent library is compatible with it.

Describe alternatives you've considered

Stay with Bittorrent v1, provided that the libtorrent library is upgraded to libtorrent 1.2.19 and the dependencies are upgraded to Boost 1.85, libevent 2.1.12, Zlib 1.3.1, OpenSSL 1.1.1w and pyQT 6.7.0.

Additional context

Libtorrent v2 uses SHA256 for its infohash algorithm, this is more secure than libtorrent v1. Also, switching the upload rate to bandwidth based and the upload choking algorithm to anti leech will help decentralization. Additionally, PeX, Local Peer Discovery, the Bittorrent DHT with Security extensions, Anonymous Mode, Disallowing privileged ports, Server Side Request Forgery Mitigation, the Embedded Tracker, Resolving Peer hostnames and contries, Piece Affinity, Upload Piece Suggestions, Internationalized Domain Names, Validating HTTPS tracker certificates, and reannouncing to all trackers when IP address changes should all be enabled. Rechecking the torrents upon completion will help with security. Likewise requiring encrypted connections will help protect exit nodes, ideally, an exit node should not exit traffic unless it is behind a VPN, I consider ProtonVPN, IVPN, Mullvad, RiseUP VPN, Psiphon Unlimited, Cloudflare Warp+, Calyx VPN, Surfshark, Gaurdian/Brave VPN and Opera VPN to be trustworthy, but the user should have the final say.
@drew2a
Copy link
Contributor

drew2a commented May 28, 2024

@RealJosephKnapps thank you for your request. We have an issue dedicated to the migration to libtorrent 2. Please check it:

@qstokkink
Copy link
Contributor

I agree that this is a duplicate issue and I will close it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
type: enhancement
Milestone
No milestone
Development

No branches or pull requests
3 participants
@qstokkink @drew2a @RealJosephKnapp