[dojo-contributors] "core dojo", packaging, and the build system
alex at dojotoolkit.org
Wed Apr 5 21:09:08 EDT 2006
On Wednesday 05 April 2006 5:19 pm, Sandro Magi wrote:
> Alex Russell wrote:
> > On Wednesday 05 April 2006 4:34 pm, Sandro Magi wrote:
> >> Such a setup is still just as vulnerable. I would rather have the
> >> control in the dojo array anyway, because I could then specify my
> >> own server farm.
> > I think that would always be an option. But the problem we're
> > trying to solve is one where people today have to carry around a
> > "src/" dir and an unspecified other number of things in order to
> > actually get Dojo working for them.
> Should I take this to mean you don't expect people to use this
> technique in a deployed system?
No, just that a system of "trusted" distribution sites is not uncommon
in the software world (take, for instance, CPAN). Folks who have
security considerations can do something different if need be, but
trying to build out a web of trust in a browser environment is
more-or-less untennable w/o coarse-grained trust relationships.
Hashing in the browser is also tremendously slow. We don't have many
good options right now, so we work with what we've got. This is the
life of a web developer.
alex at jot.com
alex at dojotoolkit.org BE03 E88D EABB 2116 CC49 8259 CF78 E242 59C3 9723
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 188 bytes
Desc: not available
Url : http://mail.dojotoolkit.org/pipermail/dojo-contributors/attachments/20060405/1091186f/attachment.sig
More information about the dojo-contributors