I apparently missed this. Yes. It does suck. Are RSLs reloaded every time for a specific domain, or is it just a cross-domain issue?
If I use RSLs for Flex 4.9 and I update my main app, do the RSLs get downloaded every time, or will the RSLs from my domain be reused? Is there any point in using RSLs at all? On Feb 10, 2013, at 3:56 PM, Nicholas Kwiatkowski wrote: > Adobe has (had?) a pretty good explanation on their Flash Whitepaper. It > boils down to this : > - They are no longer in control of Flex > - They are no longer doing security reviews of the source code > - They have to sign the Flex package with their security certificate in > order for it to be stored in the Flash RSL Cache > - They won't sign it anymore because they would be responsible for any > security issues that may come out of it. > > Yes, it sucks, but unfortunately, we have to live with it. > > -Nick > > On Sun, Feb 10, 2013 at 8:49 AM, christofer.d...@c-ware.de < > christofer.d...@c-ware.de> wrote: > >> I have to admit, that I don't quite understand what the inability to >> create signed rsls has to do with the usage of rsls themselves. >> >> The problem is that the Flashplayer is able to install rsls that are >> signed by Adobe. Usually the Adobe FDK rsls were also available in signed >> versions (swz files). These were dynamically loaded the first time they >> were needed and installed by the Flashplayer. The second time the libs were >> needed the installed versions were used reducing the download time >> dramatically. Now the problem is that Adobe won't sign Apache SWCs as they >> are no longer in charge of the libs code (Understandable). Giving Apache a >> key to be able to also create signed RSLs would eventually open serious >> security problems because a signed manipulated swz would be used by every >> other website using the same version of a given lib. >> >> Coming back to the RSLs ... The difference between a signed and an >> unsigned RSL is just, that the unsigned rsl is loaded on every visit of a >> user. As far as I know there is no other difference. So I don't quite >> understand why the lack of availability of signed rsls should have any >> effect on built applications and the default linking type. >> >> Chris >> >> >> >> -----Ursprüngliche Nachricht----- >> Von: Harbs [mailto:harbs.li...@gmail.com] >> Gesendet: Sonntag, 10. Februar 2013 14:19 >> An: dev@flex.apache.org >> Betreff: RSLs and signing >> >> I did not realize that Apache Flex does not use RSLs by default. >> >> What's the story with signing? Is that an issue with cross-domain >> security? Is there any way to get an Apache signature approved for Flash? >> >> Either way, I'd imagine I'd want RSLs for the simple reason that updating >> apps should result in a smaller download. >> >> Harbs >> >> On Feb 9, 2013, at 9:00 AM, Alex Harui wrote: >> >>> The default setting for Apache Flex is to not use RSLs because Adobe >>> cannot sign the Apache Flex RSLs. That's probably why your SWF is >> bigger. >>> >>> >>> On 2/8/13 10:31 PM, "grimmwerks" <gr...@grimmwerks.com> wrote: >>> >>>> Hey all - long time listener first time caller. >>>> >>>> I've taken a project that was originally 4.6 and I flipped it to 4.9; >>>> comparing the same code on two computers - when I build with the 4.6 >>>> sdk I get a swf of 304k (with all the other extraneous libraries such >>>> as osmf, mx, sparkspins, etc) -- whereas with 4.9 the main sf is >>>> 1.1mb -- that's a huge difference with no other changes in code no? >>>> >>>> >>>> >>>> >>>> Garry Schafer >>>> grimmwerks >>>> gr...@grimmwerks.com >>>> portfolio: www.grimmwerks.com/ >>>> >>>> >>>> >>>> >>> >>> -- >>> Alex Harui >>> Flex SDK Team >>> Adobe Systems, Inc. >>> http://blogs.adobe.com/aharui >>> >> >>
