> your own AWS server to provide you with OTA updates signed by you. Anyway, if I understand it correctly, the builds come from the device himself ofc, so I don't see why who signs would make that much of a difference...
Conversation
Rattlesnake means you have to have some trust in AWS.
The Dev who made Copperhead has a new project + there are others.
twitter.com/Dazinism/statu
1
1
With regards to AWS, apart from it being from a huge monopolist, technically it's a server like any other, isn't? Are there reasons not to trust it? No offense to the guy who created it, but I find it harder to trust a single dev whom I don't know, as is the case with RSOS, >
1
This Tweet was deleted by the Tweet author. Learn more
Guess I understand now. Suppose I am an important target; it would make sense for adversary to target the AWS server from which I expect no harm will come as I maintain it myself. Anyway, isn't it a smaller risk than trusting the dev if I don't know anything about him?
This Tweet was deleted by the Tweet author. Learn more
This Tweet was deleted by the Tweet author. Learn more
This Tweet was deleted by the Tweet author. Learn more
This is a disgustingly dishonest account of what happened. It completely flips the reality. The project has always been mine and existed before Copperhead was founded. There was an explicitly agreed upon arrangement that I would continue to own and control my open source code.
1
James attempted to seize control and ownership over the project by pressuring me with threats and ultimatums. He failed to succeed, and then took over the infrastructure, pushed me out of the company and stole tens of thousands of dollars in donations to the open source project.
1
1
When many of the donors requested that the donations either be passed along to where they were supposed to go or returned, James refused to do it. He used the revenue from the company and donations to the project to line his own pockets instead, as he continues to do today.
The signing keys were deleted after James had seized the infrastructure and made it very clear that he would attempt to seize them at all costs, leading to the users of the project being compromised by having the code controlled by a sociopath willing to do anything for money.
1
1
It was stated by James himself in the legal threats that were made public that he intended to provide third parties (associated with Raytheon) access to the signing keys and infrastructure... and it would not have stopped there. Do you think that's okay for an OS used?
1
1
Show replies