-
Notifications
You must be signed in to change notification settings - Fork 444
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Upgrade to Libtorrent 2.0.10 #8042
Labels
Comments
@RealJosephKnapps thank you for your request. We have an issue dedicated to the migration to libtorrent 2. Please check it: |
I agree that this is a duplicate issue and I will close it. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Is your feature request related to a problem? Please describe.
Yes, Bittorrent version 1 is slowly being phased out and Bittorrent v2 is more secure. As we know libtorrent provides an official python binding to this shouldn't be a problem. An upgrade to Boost 1.85, libevent 2.1.12, OpenSSL 1.1.1w, Zlib 1.3.1 and pyQT 6.7.0 should also be made.
Describe the solution you'd like
All that needs to happen is to update the dependencies, torrent traffic is handled by libtorrent so this shouldn't be much of a problem. Upgrading to LibreSSL 3.9.2 or OpenSSL 3.3.0 should also be considered providing the libtorrent library is compatible with it.
Describe alternatives you've considered
Stay with Bittorrent v1, provided that the libtorrent library is upgraded to libtorrent 1.2.19 and the dependencies are upgraded to Boost 1.85, libevent 2.1.12, Zlib 1.3.1, OpenSSL 1.1.1w and pyQT 6.7.0.
Additional context
Libtorrent v2 uses SHA256 for its infohash algorithm, this is more secure than libtorrent v1. Also, switching the upload rate to bandwidth based and the upload choking algorithm to anti leech will help decentralization. Additionally, PeX, Local Peer Discovery, the Bittorrent DHT with Security extensions, Anonymous Mode, Disallowing privileged ports, Server Side Request Forgery Mitigation, the Embedded Tracker, Resolving Peer hostnames and contries, Piece Affinity, Upload Piece Suggestions, Internationalized Domain Names, Validating HTTPS tracker certificates, and reannouncing to all trackers when IP address changes should all be enabled. Rechecking the torrents upon completion will help with security. Likewise requiring encrypted connections will help protect exit nodes, ideally, an exit node should not exit traffic unless it is behind a VPN, I consider ProtonVPN, IVPN, Mullvad, RiseUP VPN, Psiphon Unlimited, Cloudflare Warp+, Calyx VPN, Surfshark, Gaurdian/Brave VPN and Opera VPN to be trustworthy, but the user should have the final say.
The text was updated successfully, but these errors were encountered: