[Buildroot] [PATCH v2] docs/website: consolidate CDN's and enable SRI
Angelo Compagnucci
angelo at amarulasolutions.com
Mon Feb 4 12:39:44 UTC 2019
On Mon, Feb 4, 2019 at 1:35 PM Peter Korsgaard <peter at korsgaard.com> wrote:
>
> >>>>> "Angelo" == Angelo Compagnucci <angelo at amarulasolutions.com> writes:
>
> > From: James Hilliard <james.hilliard1 at gmail.com>
> > Some of our cdn's are going discontinued (rawgit) and some others are
> > not recommended anymore, thus we update to the recommended cdnjs.
> > This patch enables also SRI protection on js to be sure the modules we
> > download are not manipulated in any way.
>
> It would be great for people not doing web things (E.G. me) to add the
>
> https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity
>
> to explain what SRI is.
>
> The files we get from these CDNs are not that big, E.G:
>
> -rw-r--r-- 1 peko peko 139K May 17 2018 bootstrap.min.css
> -rw-r--r-- 1 peko peko 37K May 17 2018 bootstrap.min.js
> -rw-r--r-- 1 peko peko 2.4K May 17 2018 html5shiv.js
> -rw-r--r-- 1 peko peko 85K May 17 2018 jquery.min.js
> -rw-r--r-- 1 peko peko 4.0K May 17 2018 respond.min.js
>
> Does it make sense to use those CDNs that we don't have under our
> control, or should we just commit these files?
Hosting these files by themselves means serving them by our webserver,
this is usually costly and bandwidth consuming.
Moreover, saving a compressed javascript in git it's not recommended
because their somewhat like binary files.
Again, updating them is quite annoying cause instead of simply
updating a line in a javascript file, we should replace the compressed
js file.
>
> --
> Bye, Peter Korsgaard
More information about the buildroot
mailing list