Hi William - thanks for the feedback - when you make a new thing it’s always 
really aprpeciated to get any comments.

>>I looked at your documentation.  You have a section "Is bootrino open source?”
>>You don't really answer the question.  

You’re right - I’ll remove that - it’s a website so the question that the 
documentation poses doesn’t really make sense.

>>>You also say there is an MIT licensed CLI.  OK.

Yes, an MIT license CLI is planned but not built yet.

>>>>But you do not mention the server code itself.
>>>>From that I assume the answer to the question "Is bootrino open source?" is 
>>>>no.
>>>>Am I correct?

Correct - the bootrino website/console is not open source.

>>> So for my own POV I would not want to give this access to my cloud account 
>>> without seeing the code and perhaps running it on my own server so I can be 
>>> sure of what I am getting.  

There’s not really any server behind bootrino - apart from user account 
creation it’s all client side. User accounts are created on Amazon Cognito 
which is a service purely for creating and authenticating users.  Apart from 
that bootrino has no back end. 

>>> I could setup a scratch account but I would worry even then and I would 
still have concerns ever going to "production" mode.  I am a bit picky that 
way.  

I understand the concern totally.  One of my primary considerations designing 
bootrino is your cloud account keys.  I wanted to ensure they are never sent to 
the bootrino back end because of the trust issue that anyone would reasonably 
have. So your cloud account keys are stored locally in your browser and never 
send to the bootrino back end - which consists only of Amazon Cognito anyway as 
mentioned.
Watching network requests from the browsers developer tools or setting up a 
network analyzer would show that your cloud account keys are not sent to any 
bootrino back end.

So, you might ask, if bootrino effectively has no back end, then how does it 
work?  The answer is that the bootrino JavaScript running in your web browser 
talks directly to your cloud REST API with no third party in between. That’s as 
secure as I could make it - the keys stay on your machine and your machine 
talks directly to your cloud so you need never wonder about the trust level for 
bootrino’s back end systems.

>>>Others may not feel the same way.  I wish you luck.
Thanks Bill I appreciate your feebdack and candid comments.









-- 
_______________________________________________
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

Reply via email to