The rsls from your domain is reused IIRC.
-----Message d'origine-----
From: Harbs
Sent: Sunday, February 10, 2013 3:01 PM
To: dev@flex.apache.org
Subject: Re: RSLs and signing
I apparently missed this. Yes. It does suck. Are RSLs reloaded every time
for a specific domain, or is it just a cross-domain issue?
If I use RSLs for Flex 4.9 and I update my main app, do the RSLs get
downloaded every time, or will the RSLs from my domain be reused? Is there
any point in using RSLs at all?
On Feb 10, 2013, at 3:56 PM, Nicholas Kwiatkowski wrote:
Adobe has (had?) a pretty good explanation on their Flash Whitepaper. It
boils down to this :
- They are no longer in control of Flex
- They are no longer doing security reviews of the source code
- They have to sign the Flex package with their security certificate in
order for it to be stored in the Flash RSL Cache
- They won't sign it anymore because they would be responsible for any
security issues that may come out of it.
Yes, it sucks, but unfortunately, we have to live with it.
-Nick
On Sun, Feb 10, 2013 at 8:49 AM, christofer.d...@c-ware.de <
christofer.d...@c-ware.de> wrote:
I have to admit, that I don't quite understand what the inability to
create signed rsls has to do with the usage of rsls themselves.
The problem is that the Flashplayer is able to install rsls that are
signed by Adobe. Usually the Adobe FDK rsls were also available in signed
versions (swz files). These were dynamically loaded the first time they
were needed and installed by the Flashplayer. The second time the libs
were
needed the installed versions were used reducing the download time
dramatically. Now the problem is that Adobe won't sign Apache SWCs as
they
are no longer in charge of the libs code (Understandable). Giving Apache
a
key to be able to also create signed RSLs would eventually open serious
security problems because a signed manipulated swz would be used by every
other website using the same version of a given lib.
Coming back to the RSLs ... The difference between a signed and an
unsigned RSL is just, that the unsigned rsl is loaded on every visit of a
user. As far as I know there is no other difference. So I don't quite
understand why the lack of availability of signed rsls should have any
effect on built applications and the default linking type.
Chris
-----Ursprüngliche Nachricht-----
Von: Harbs [mailto:harbs.li...@gmail.com]
Gesendet: Sonntag, 10. Februar 2013 14:19
An: dev@flex.apache.org
Betreff: RSLs and signing
I did not realize that Apache Flex does not use RSLs by default.
What's the story with signing? Is that an issue with cross-domain
security? Is there any way to get an Apache signature approved for Flash?
Either way, I'd imagine I'd want RSLs for the simple reason that updating
apps should result in a smaller download.
Harbs
On Feb 9, 2013, at 9:00 AM, Alex Harui wrote:
The default setting for Apache Flex is to not use RSLs because Adobe
cannot sign the Apache Flex RSLs. That's probably why your SWF is
bigger.
On 2/8/13 10:31 PM, "grimmwerks" <gr...@grimmwerks.com> wrote:
Hey all - long time listener first time caller.
I've taken a project that was originally 4.6 and I flipped it to 4.9;
comparing the same code on two computers - when I build with the 4.6
sdk I get a swf of 304k (with all the other extraneous libraries such
as osmf, mx, sparkspins, etc) -- whereas with 4.9 the main sf is
1.1mb -- that's a huge difference with no other changes in code no?
Garry Schafer
grimmwerks
gr...@grimmwerks.com
portfolio: www.grimmwerks.com/
--
Alex Harui
Flex SDK Team
Adobe Systems, Inc.
http://blogs.adobe.com/aharui
