Re: Reference to RDFJS libraries from Jonas Smedegaard on 2014-10-29 (public-rdfjs@w3.org from October 2014)

From: Jonas Smedegaard <dr@jones.dk>
Date: Wed, 29 Oct 2014 17:50:40 +0100
To: Sarven Capadisli <info@csarven.ca>, public-rdfjs@w3.org
Message-ID: <20141029165040.15411.22239@bastian.jones.dk>

Quoting Sarven Capadisli (2014-10-29 12:21:32)
> Dear Lazy RDFJSWeb,
> 
> If you use one of the rdfjs libraries in your front-end (browser) 
> application, do you refer to the source or have a local copy?
> 
> I'm inclined to point to a GitHub resource for example, if others 
> wouldn't mind relying on that in their applications as well i.e., to 
> collectively take advantage of user browser caching. Otherwise, it is 
> more of a bother, and a local copy instead is as reliable as it gets.
> 
> Is there a consensus? Got thoughts?

Beware that referencing is a source of tracking its use.  Some see that 
as a benefit, others as worrisome.

Debian have begun actively detecting and patching uses of CDNs in their 
(or our - I am a Debian Developer) redistribution of code projects: 
https://lintian.debian.org/tags/privacy-breach-generic.html

On a related note, Debian also consider it problematic when code is 
distributed in scrambled (a.k.a. "minified") form, as that (similar to 
compiled code) makes it difficult to verify if containing same code as 
the real editable source or perhaps accidentally is a different version 
with security flaws or licensing issues: 
https://lintian.debian.org/tags/embedded-javascript-library.html

Here are some suggested best practices for releasing javascript-based 
code projects e.g. at Github:

  * Include real source (i.e. preferred form for editing) of the code 
    you authored yourself.

  * Use relative link to the real source, but make it easy (e.g. a 
    build flag) to replace that with another relative (e.g. minified) 
    path or a full URL (e.g. to own web served or a CDN location).

  * Don't include minified source (at least in source branch, see
    below).

  * Don't include external code project (at least in source branch, 
    see below).  Instead, link with full URL to e.g. a CDN, and make
    it easy (e.g. a build flag) to replace with either relative or
    full URL.

  * If relevant to release code for use as-is, do so separately from
    source releases.  This not only makes sense for code projects
    involving compilation, but also for scripted Javascript code
    which commonly require merging, minification etc. deriving
    irreversibly from its source form.


Hope that helps (even if mostly not what you asked),

 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

Received on Wednesday, 29 October 2014 16:51:21 UTC