OK, I guess the Roller UI should be self-contained, i.e., include all
the scripts it needs, no CDN. Assuming a 1-to-100 server bandwidth
ratio between blog writing and blog reading, that's not much of a server
hit for the former to have its needed scripts packaged with Roller,
eliminates a second point of failure, and helps us get approval from
security analysts evaluating Roller for an office deployment.
For our prepackaged blog themes, either way is fine for me. I think for
5.1 we'll continue to make the JS/CSS available within Roller for those
who prefer that, independent of whether the themes are coded to use
those files or CDNs. Including the JS/CSS does have a benefit of
allowing people to hack Roller in areas where they might not have wifi
access.
Glen
On 07/08/2014 07:53 AM, Dave wrote:
For themes I think CDN usage is fine. Not sure about the Roller UI itself
tho.
- Dave
On Mon, Jul 7, 2014 at 10:28 PM, Glen Mazza <glen.ma...@gmail.com> wrote:
Hi team,
I had given a suggested JIRA to Gaurav: https://issues.apache.org/
jira/browse/ROL-2020 for him to factor out the Bootstrap/JQuery into the
webapps/roller-ui folder so multiple themes can take advantage of it, i.e.
the user wouldn't need to manually import that library with his theme.
Providing that option would probably still make sense.
I guess though I am behind the times with that suggestion, apparently our
themes should be using content delivery networks to download the libraries
instead of the server hosting Roller? YUI would be something like:
http://yui.yahooapis.com/3.17.2/build/cssreset/cssreset-min.css, JQuery
would be http://code.jquery.com/, Bootstrap would be:
http://www.bootstrapcdn.com/.
Apparently the main benefit of using CDN's is that it drops demand on the
server hosting Roller, making it cheaper for someone to get Roller hosted
and also making it more attractive for hosting companies to offer Roller.
However, a drawback is YUI doesn't offer SSL support for philosophical
reasons (http://yuilibrary.com/yui/docs/tutorials/faq/#does-
yahoos-cdn-support-ssl) That might not be a big deal for us, because the
blog reader doesn't need SSL as he's not sending any private data and even
if the blog owner uses SSL to keep his password encrypted on the wire, not
much else needs to be secure so going to the CDN for a few JavaScript
libraries wouldn't be a big deal.
I guess we'll continue storing the Javascript libraries that the themes
need, but in the future would it be a better design to have the themes
using CDNs? WDYT?
Regards,
Glen
