Hi, I created http://iotnet.online, where I post the firmware that I collected myself. The purpose of the site is to simplify the process of assembling or to choose a ready firmware for your needs. Ideally, everything should look like in the frame of my favorite movie "swordfish" If you need to assemble your firmware, you can write me about it in the Feedback section of the site.
Okay, nice idea, but a few immediate points:
it's generally accepted to be a Bad Idea™ to download firmware for your device(s) from anywhere other than the official provider, to avoid tampering, etc.
none of those firmwares have hashes or checksums with them to validate the download
the site isn't https. LetsEncrypt provide free SSL certificates for everyone these days so there's no excuse for running without it
Thanks for the nice comments! And what if ... the site will give an opportunity in a visual mode to generate config files for the assembly? Will this tool be of interest to anyone?
Untrusted sources are untrusted sources. As far as I can tell, you haven't established your credibility on this forum with your history of posts, or in any other way.
I won't go as far as saying someone would be an idiot to download firmware from a site that does not have a long-standing reputation of trust without provable signatures from the originators of the firmware, but it's pretty close.
Further, from what I can tell, your site is in violation of most of the terms of licensing around the components within the software that you are distributing.
Also, if you had been following these forums here, you'd know there was already a project underway to provide custom-assembled images for those without the skills to assemble their own.
Hi, maybe @jeff pointed somewhat in the direction of the Online ImageBuilder I'm currently working on. If you're interested in providing custom images have a look at the API. It allows you to modify the package selection and set an initial configuration file.
The current fronted is somewhat hacky but it allows flavors just as you plan to provide.
The service is currently likely as trusted as yours, meaning not really, however I plan to support reproducible builds somewhat soon.
Sorry for hijacking your thread! Good luck with your project and I'd be happiest if we could work together
ive been trying your onlinei magebuilder. once i build an image for a device, i cant build another one with different selections. have a solution? i suggest starting a thread.
Hi, I just recently updated the flavors of chef to be usable with OpenWrt as well. Feel free to add a new flavor containing a pre-selection of desired packages.
I would even say that people who are providing binaries in any form are acting suspicious.
Anyone who is aware of building binaries knows what could be contained in the end-rusult.
Anyone who is providing build scripts and solutions to build something from sources is much more trustworthy - not to say sympathetic.
Even if a person providing the binaries earned lots of credits and is well known as a trusted source. I don't know the server, the hosting provider and who else can access the server on http://iotnet.online
Hello. Thanks for the comments, all recorded. Now the site has temporarily removed the "Downloads" section, I get a certificate so that the site works through https. And of course, I started to develop the interface for generating configuration files, as I dreamed
Not necessarily, a rogue script could do tremendous damage
This is starting to looks like a arms race
It is always a good a idea to use a gpg signature or simialar to sign your work
no. Take a look at hnymans build scripts. A very good example of comprehensive, easy to check build procedures for an image. Much easier to check than reverse engineering binaries
Beside of that I rather meant the fact that someone is providing a reproducible procedure to build the binary and not the binary itself --> is much more trustworthy.
I wasn't implying the community builders have gone rogue, and agree scripts are easier to verify if you know how.