Remove authentication requirement on api/firmware/latest

[NoLemurs]

Right now it's difficult for Linux users to update the firmware because there's no update utility for Linux.

Per this thread, it's not hard to manually fetch the firmware, upload it to your USB stick, and do an update, but the process of getting the list of latest firmware files from the API requires either registering for a developer key or running the update utility on some other machine (or VM) and doing a MITM attack against yourself. This makes it obnoxious to get the files, and makes it difficult to help less technical users get the files.

If the

Code: Select all

api/firmware/latest

route didn't require authentication it would be trivial for the community to come up with simple instructions or a script to do firmware updates, and I can't imagine there's much need for that route to be authenticated.

Alternatively, if making just one API route unauthenticated is problematic, just some page on the C2 website that provides a machine readable list of the lastest firmware files would achieve the same purpose.

[JaapvanE]

The C2 devs are not in this forum, nor are any other employees. So I would contact C2 directly with this.

[NoLemurs]

The C2 devs are not in this forum, nor are any other employees. So I would contact C2 directly with this.

Ahh, that makes sense. I saw "Feature/Function" requests and made the wrong assumption. I don't suppose you have any idea what the best way to get a message to C2 devs is?

[JaapvanE]

I use info@concept2.com, which finds its way to the devs quite effectively.

[NoLemurs]

I use info@concept2.com, which finds its way to the devs quite effectively.

Thanks!