
Ask HN: Solutions to Control Binary Distribution - aetherspawn
I have a bunch of customers and I want to distribute to them firmware files for them to flash onto 50+ different application hardwares.<p>I need to control the distribution of the firmware flash files, so that basically 1. customers don&#x27;t see anything they don&#x27;t need or didn&#x27;t pay for and 2. so I can pull or update a firmware flash file if I need to and easily expose the release notes&#x2F;make old versions available. It would also be nice to see which customers have downloaded which files and allow them to subscribe for email notification of updates or something like that.<p>Is there some software out there that does this that I can install on-prem? My budget is max $2000 preferably one-time cost and it&#x27;s unlikely that having any intellectual property hosted externally will be allowed. I can only seem to find JFrog, but there <i>must</i> be heaps of these out there.. surely.
======
JoshTriplett
Updates aside, what goes wrong if a customer has access to a firmware file for
a device they don't have? Is the hardware distinct, such that the "wrong"
firmware won't run on a given piece of hardware? If so, then customers won't
be able to _use_ anything they don't pay for, so consider the zero-cost
solution of "don't worry about it". And if not, then some customers _will_
pass firmware images around to bypass your access control mechanisms.

UX and usability is absolutely valid, and you might consider having a customer
account system with which customers can identify the hardware they have
(automatically if they buy it through you) and see the corresponding firmware
they need. But that's a user experience question, not a licensing matter.

~~~
aetherspawn
Piracy is no concern as long as there is just really basic access control to
stop i.e. random end-users that might know someone who works at said place
from deciding they want to transform their X into a Y using a flashtool.

But also another and more important reason you can't have people cross-
accessing firmware images would be because certain firmwares would contain
blobs that are considered IP of certain joint partners in a project.

So yeah, piracy is not a concern, and I'd be completely OK with just manually
allocating who can see what. It's for factories and not consumers.

Also hypothetically, if you were really persistent, you can flash the wrong
firmware files onto the wrong hardware and hypothetically you could
accidentally sell it to someone. And that would be an absolute nightmare that
I want to avoid as well. The application is sort of similar to flashing engine
tunes onto a car and not necessarily hardware variant A/B/C etc. But there's
potentially soon to be hundreds of variants and the end-user could very easily
get lost. (At this point it's a UX concern)

~~~
JoshTriplett
Thanks for clarifying the situation; if you're protecting customers from each
other for reasons they want rather than reasons you want, and you're not
building general-purpose hardware for end users, that makes sense. Then in
that case, I would absolutely just go with an account and registration system,
and handle access control that way.

