Vendors who can submit automatic firmware updates are in a privileged position where files can be installed on user systems without authentication. This means we have to do careful checks on vendors, and it's important for vendors to understand the ramifications of getting it wrong.
The Linux Vendor Firmware Project signs the firmware image and repacks the files into a new cabinet file for several reasons:
When creating an account we can optionally create two classes of user, which allows you to have your firmware engineers do the upload and QA users control who can access the firmware:
We can create as many different users of each type as required, and each can have a different password. Some vendors just need one 'QA User' as the person uploading the firmware is also the person who decides when to move the update from testing to stable.
If you would like to know more, or want to request a new account, please email me for more details.