[yocto] beta testing netbooting Yocto on Amazon, Google & Digital Ocean

Wed Jan 10 12:54:31 PST 2018

Hi William - thanks for the feedback - when you make a new thing it’s always really aprpeciated to get any comments.

>>I looked at your documentation.  You have a section "Is bootrino open source?”
>>You don't really answer the question.  

You’re right - I’ll remove that - it’s a website so the question that the documentation poses doesn’t really make sense.

>>>You also say there is an MIT licensed CLI.  OK.

Yes, an MIT license CLI is planned but not built yet.

>>>>But you do not mention the server code itself.
>>>>From that I assume the answer to the question "Is bootrino open source?" is no.
>>>>Am I correct?

Correct - the bootrino website/console is not open source.

>>> So for my own POV I would not want to give this access to my cloud account without seeing the code and perhaps running it on my own server so I can be sure of what I am getting.  

There’s not really any server behind bootrino - apart from user account creation it’s all client side. User accounts are created on Amazon Cognito which is a service purely for creating and authenticating users.  Apart from that bootrino has no back end. 

>>> I could setup a scratch account but I would worry even then and I would 
still have concerns ever going to "production" mode.  I am a bit picky that way.  

I understand the concern totally.  One of my primary considerations designing bootrino is your cloud account keys.  I wanted to ensure they are never sent to the bootrino back end because of the trust issue that anyone would reasonably have. So your cloud account keys are stored locally in your browser and never send to the bootrino back end - which consists only of Amazon Cognito anyway as mentioned.
Watching network requests from the browsers developer tools or setting up a network analyzer would show that your cloud account keys are not sent to any bootrino back end.

So, you might ask, if bootrino effectively has no back end, then how does it work?  The answer is that the bootrino JavaScript running in your web browser talks directly to your cloud REST API with no third party in between. That’s as secure as I could make it - the keys stay on your machine and your machine talks directly to your cloud so you need never wonder about the trust level for bootrino’s back end systems.

>>>Others may not feel the same way.  I wish you luck.
Thanks Bill I appreciate your feebdack and candid comments.