> Maybe listing shouldn't be enabled even if all the files are public.
I don't see why. Support for firmware upgrades literally involve querying available packages and downloading the latest ones (i.e., apply upgrades). Either you use something like the S3 interface, or you waste your time implementing a clone of what S3 already supports.
Sometimes simple is good, specially when critics can't even provide any concrete criticism.
It's not a necessary interface. Do the clients actually use S3 listing to determine what the latest firmware is? Personally I would put a service in the middle that takes in the model number, region, etc and then returned the most recent firmware URL. There's no reason to have historical versions be easily listable by curious people.
Why not? The firmware was already public at one point. If people are analyzing your app to find an S3 bucket full of firmware, I'd assume they'd have a pretty good reason to go through the effort.
> Maybe listing shouldn't be enabled even if all the files are public.
I don't see why. Support for firmware upgrades literally involve querying available packages and downloading the latest ones (i.e., apply upgrades). Either you use something like the S3 interface, or you waste your time implementing a clone of what S3 already supports.
Sometimes simple is good, specially when critics can't even provide any concrete criticism.
It's not a necessary interface. Do the clients actually use S3 listing to determine what the latest firmware is? Personally I would put a service in the middle that takes in the model number, region, etc and then returned the most recent firmware URL. There's no reason to have historical versions be easily listable by curious people.
Why not? The firmware was already public at one point. If people are analyzing your app to find an S3 bucket full of firmware, I'd assume they'd have a pretty good reason to go through the effort.
Why not? It's just an annoyance step that is predicated on obfuscating information that has already been made publicly available.