I mostly like using a torrent to download and seed free software distro things and some other free-culture things, like most of Wikipedia, as that can help reduce server load, I think.
But I also see a direct download may help if you do not know where to get a torrent program, or cannot install a torrent program.
I think a torrent may also be the fastest way to download a file, as long as many people are "seeding" a torrent.
Maybe there could somehow be "spoofing of source addresses" with some torrent programs, but someone also could fake a download site or mirror to show a fake image.
And if a direct download site goes offline then you may not be able to get the image, but with a torrent maybe it is like having many sites or mirrors to get an image, or at least its parts, from.
Like gnewsense-live-4.0-amd64-gnome.iso and gnewsense-live-4.0-i386-gnome.iso may still be shared with torrent files, even though it was removed April 2021 from https://www.gnu.org/distros/free-distros.html.
I do not know about the source though. I think I found those torrent files from archive.org as that site and its torrent files were, at least partly, saved.
If people cannot get to Hyperbola's website, but still have the torrent files, those people can still get the Hyperbola iso image.
I do not know much about how a torrent program works, but I like to use a program called "Transmission-gtk" I think, to download and seed torrents, like Trisquel and Hyperbola.
https://www.hyperbola.info/packages/?so … ansmission
As for malware, I think those types of torrents may be from websites that may not be sending free as in freedom software, though I do not know what people are downloading to also get malware.
The only other thing I can think of at this time about using a direct download instead of a torrent is that maybe peers could see your IP address like a website can, or "nodes" in-between where your computer is and where you are downloading from, but there may be ways to make that not as known like using some proxy.
Although an ISP can likely still know your IP address.
But I'm glad there are many ways to download files, to give users a choice, like how there is a browser to get files or the program "git" to clone a repository or the program "wget" to download a "zipped" or "tarball" or other file directly.
I see the Hyperbola blacklist shows "forces download a lot of git repositories to build it" and "does not download sources over https and does not use SHA-512 hash" in some of the things listed in the blacklist.
So whether this is because there are many build dependencies or because that could try to force the latest version "uses the unstable version (fresh)", checking checksums and signatures can also help to make sure you downloaded the correct file. That way you can check what version you are downloading.
And like direct download sites may go offline, git repositories could also go offline. But the "Sneakernet" and torrents may stay up.
https://en.wikipedia.org/wiki/Sneakernet
https://en.wikipedia.org/wiki/BitTorrent
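
As an added example (not part of the original post): one way to check a downloaded image against a published SHA-512 list, whichever way the file arrived (torrent, mirror or Sneakernet). The file name and contents are constructed, the function names are hypothetical, and it assumes the list itself came from a trusted source, for example after its signature was checked.

```python
import hashlib
import hmac
import os
import tempfile

def sha512_of(path, chunk_size=1 << 20):
    """Stream the file so a multi-gigabyte image is never loaded into memory."""
    h = hashlib.sha512()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def expected_digest(sums_text, filename):
    """Find filename in 'digest  name' lines (the sha512sum list format)."""
    for line in sums_text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) != 2:
            continue
        digest, name = parts
        name = name.lstrip("*")  # '*' marks binary mode in sha512sum output
        if name == filename and len(digest) == 128:
            return digest.lower()
    return None

def verify(path, sums_text):
    """Return 'ok', 'mismatch' or 'not-listed'; an unlisted file is never 'ok'."""
    want = expected_digest(sums_text, os.path.basename(path))
    if want is None:
        return "not-listed"
    return "ok" if hmac.compare_digest(sha512_of(path), want) else "mismatch"

def demo():
    # Constructed sample: a small stand-in file, not a real image.
    with tempfile.TemporaryDirectory() as d:
        iso = os.path.join(d, "example-live.iso")
        with open(iso, "wb") as f:
            f.write(b"constructed sample image bytes")
        sums = sha512_of(iso) + "  example-live.iso\n"
        good = verify(iso, sums)
        with open(iso, "ab") as f:
            f.write(b"!")  # one extra byte stands in for a corrupted or substituted file
        return good, verify(iso, sums), verify(iso, "")

if __name__ == "__main__":
    print(demo())
```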