[dojo-contributors] "core dojo", packaging, and the build system

Alex Russell alex at dojotoolkit.org
Wed Apr 5 21:09:08 EDT 2006

On Wednesday 05 April 2006 5:19 pm, Sandro Magi wrote:
> Alex Russell wrote:
> > On Wednesday 05 April 2006 4:34 pm, Sandro Magi wrote:
> >> Such a setup is still just as vulnerable. I would rather have the
> >> control in the dojo array anyway, because I could then specify my
> >> own server farm.
> >
> > I think that would always be an option. But the problem we're
> > trying to solve is one where people today have to carry around a
> > "src/" dir and an unspecified other number of things in order to
> > actually get Dojo working for them.
> Should I take this to mean you don't expect people to use this
> technique in a deployed system?

No, just that a system of "trusted" distribution sites is not uncommon 
in the software world (take, for instance, CPAN). Folks who have 
security considerations can do something different if need be, but 
trying to build out a web of trust in a browser environment is 
more-or-less untennable w/o coarse-grained trust relationships.

Hashing in the browser is also tremendously slow. We don't have many 
good options right now, so we work with what we've got. This is the 
life of a web developer.


Alex Russell
alex at jot.com
alex at dojotoolkit.org BE03 E88D EABB 2116 CC49 8259 CF78 E242 59C3 9723
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 188 bytes
Desc: not available
Url : http://mail.dojotoolkit.org/pipermail/dojo-contributors/attachments/20060405/1091186f/attachment.sig 

More information about the dojo-contributors mailing list