Why discourage use of Community-built Firmware

Continuing the discussion from
Censored Open debate: The Dangers of using Other Peoples Builds (OPB), Issues and Warnings - (or "Why discourage use of Community-built Firmware!'

Use your own buildroot-built firmware by yourself -
Let's try not to shutup freespeech and instead "translate this debate into "actionable items" before it's too late like some guy said.

Let's scrutize firmwares before they are uploaded by firmware creators (possibly in "good faith") or else just me a diffconfig, minimal git or tarball please.

It seems we need more work to keep "mainline up-to-date".

We welcome your opinion, pro, negative or frustrated otherwise.

Welcome again everybody.

You mentioned DD in your previous rant thread, I would suggest AA might be more
apropos, as apparently you are are sorely in need of one.

4 Likes

Offtopic my funny friend. I can adjust my own attitude and find it funny although at first I took it the wrong way (maybe the way you intended). What do you suggest?

Watch as your post persists anyways unlike mine were censored. Sounds like you have nothing to say.
Please share your thoughts about the topic and your humor.

Are you a "community" firmware uploader by any chance? :):blush:

Idea... to solve the clear risk of using non optimised builds from other people (Guru Bulds?) OpenWRT could have a BAAS > Buildroot As A Service.

For most uses, the client tells the BAAS server what they need in the build, and the BAAS builds it. But importantly, BAAS signs the clients unique build as a "Custom OpenWRT Build". Thus the trust scope will always show the build came from the official OpenWrt packages, and not some random source code.

3 Likes

Great idea.

You were shut down because you were offensive and kept repeatedly breaking the forum rules even after several warnings, not to "shut up free speech"....

Could you perhaps explain what it is that you are hoping to achieve? Who's going to set up and maintain this "BAAS"?

2 Likes

and if you're skeptic, paranoid or just careful enough you'll wonder why should you trust firmware just because it comes from official source. even better my device pr wasn't inlcuded in main tree by kresin or jow

for some time already i wondered why do i get emails from openwrt-dev mailing list every once in a while, i thought there would be more activity on mailing list.. turns out after jow frustratingly closed @tuxbox's thread today he probably checked my profile/email and suddenly i got dozens of emails from mailing list, some even 3 months old.

sure this doesn't smell like censorship/filtering and it comes from people that supposingly run a "freedom" project. so much about your freedom.

1 Like

Everything I just posted was related to the topic and first post. I suppose this is simply another attempt at trolling then, flagged and ignoring.

Negative. I received many old emails from the mailing list today too.

Alright guys, I'm now suspending this topic and give everybody (and especially @tuxbox and @psyborg 36h to cool down.

You can discuss everything open and freely in this forum, but in a civilized way. OK?

3 Likes

what exactly in our discussion isn't civilised? the post included in forum from private message?

you could've answered that mr thomas the guideliner

1 Like

This topic was automatically opened after 38 hours.

These hours I spent to read the opinions of others regarding the community builds.
What I don't understand:

  • Why people provide binaries to download and install on a router that might be used productively (not e.g. a fenced one for testing...)
    If these binaries are clean, why are not the build instructions provided instead?
  • Why do so many(!) people add input in the posts of others providing optimized builds and download and install and use these builds

The software company I "know" is also developing apps for internal usage. It is not allowed to provide just binaries. A good example are the lovely war files.
There is an official, controlled, pentested and secured build environment for all that, where it must be transparent to "follow" the end product from the binary back to the single lines of code, version by version. If there is no such build environment, noone would be allowed to provide nor to download and install binaries. There is no discussion about that taking place. It is totally clear and logical and ok for thousands of people.
(For public applications from official vendors, there is a special software approval process, exceptions etc. But not for custom stuff.

Here, I would not discuss pros and cons about the (official) vendors firmware or the trustworthiness of the git sources. I would just never ever provide or download binaries. From my point of view this could even be a rule. I do not see that building the software is too difficult and I am wondering what these providers do that it might not be possible to provide the build instructions for these optimized builds.

And yes, haha; If I have a lack of anything for building the good stuff, or understanding git and the versioning of the openwrt sources, I spend the time and ask the community in a polite way.

1 Like

I started building packages with updated wifi drivers for a specific device, because those drivers where very buggy and under heavy development upstream, and OpenWrt does not update kernel modules between stable releases. I though those packages could be useful to others, who were not capable or did not have the time or interest to build the packages themselves, and decided to share them.

I have provided building instructions to anybody who has asked for them.

I have clearly explained that my builds are experimental and targeted to people following the upstream development of the drivers; if somebody installs them on a production device, it is not my business.

People adds input to the thread I created because they appreciate the efforts I make to build the packages, or because they have problems with the builds and need some help, or just because they want to share their experience.

4 Likes
  1. https://en.wikipedia.org/wiki/Linus'_Law
  2. Coming into a community, forking it's code and using it's infrastructure to create division and corral users away from that community is a toxic form of antisocial behaviour.
  3. Creating a "community" fork of OpenWrt without any intent of working with your upstream and to push patches and bug reports back is not a productive way of continuing to interact with the community behind the project.

If you fork; make it clean.

I am not alleging that any of these things have been done by anyone specifically.
And the OpenWrt wiki actually allows you to list experimental versions on device pages.
I am simply trying to answer the question: Why discourage use of Community-built Firmware?

In short, aside from the three points above it's to protect the community, it's users, to create trust and maintain that trust amongst users to continue to create a sense of community and a brand that you can trust.

3 Likes