
Ask HN: Why don't package managers rely on torrents? - maxwellito
Historically, Spotify used to serve music via torrent to reduce infrastructure costs. Why not apply it to package managers like NPM? Of course, a classic HTTP fallback would be required for some cases like enterprise systems.

I guess the problem would be having a daemon running on my personal machine, but I would be ok with it.
======
siavosh
It's supposedly a top priority for IPFS for 2019:
[https://blog.ipfs.io/78-ipfs-2019-roadmap/](https://blog.ipfs.io/78-ipfs-2019-roadmap/)

------
creatornator
You'd probably still want a centralized repo of checksums, otherwise it may be
more difficult to verify the authenticity of the packages

~~~
thedevindevops
That still wouldn't guarantee that the package contents aren't malicious
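
Added example, not part of the thread and not any package manager's own code: a sketch of the design discussed above, where package bytes come from untrusted peers and are only accepted if they match a SHA-256 digest from a centrally trusted index. The package name, peer ids, index layout and function names are all assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed sample data. In a real client the index would be fetched over an
# authenticated channel from the registry; peers would be torrent/IPFS nodes.
GOOD_TARBALL = b"module.exports = () => 'hello';\n"
TRUSTED_INDEX = {  # (name, version) -> SHA-256 hex digest (hypothetical layout)
    ("demo-pkg", "1.0.0"): hashlib.sha256(GOOD_TARBALL).hexdigest(),
}


class IntegrityError(Exception):
    """Raised when a blob cannot be tied to an entry in the trusted index."""


def verify_package(name, version, blob, index=TRUSTED_INDEX):
    """Return blob only if its SHA-256 equals the digest the index lists."""
    expected = index.get((name, version))
    if expected is None:
        # Fail closed: an unlisted package is never accepted from a peer.
        raise IntegrityError(f"{name}@{version} is not in the trusted index")
    actual = hashlib.sha256(blob).hexdigest()
    if not hmac.compare_digest(actual, expected):
        raise IntegrityError(f"{name}@{version} digest mismatch: got {actual}")
    return blob


def fetch_from_peers(name, version, peers, index=TRUSTED_INDEX):
    """Try each (peer_id, blob) in turn; return the first copy that verifies.

    Returns (peer_id, blob, rejected_peer_ids). Raises IntegrityError when no
    peer serves matching bytes, which is where an HTTP fallback would kick in.
    """
    rejected = []
    for peer_id, blob in peers:
        try:
            return peer_id, verify_package(name, version, blob, index), rejected
        except IntegrityError:
            rejected.append(peer_id)  # candidate for logging or peer banning
    raise IntegrityError(f"no peer served a valid copy of {name}@{version}")


if __name__ == "__main__":
    # Constructed swarm: peer-a serves altered bytes, peer-b serves the original.
    swarm = [("peer-a", GOOD_TARBALL + b"// injected\n"), ("peer-b", GOOD_TARBALL)]
    peer, blob, rejected = fetch_from_peers("demo-pkg", "1.0.0", swarm)
    print(f"accepted copy from {peer}; rejected {rejected}")
```

A match only shows that the bytes equal what the index lists; it says nothing about whether the listed content itself is benign.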

