A lot of people do a lot of things wrong. In my opinion, it's better to
create simple things that are easy to learn to use correctly - as opposed
to creating complex things that supposedly shield you from making mistakes.
Often such things provide only a false sense of security - and usually you
I'm not saying that we should not do it (and in fact, we are doing
something similar in Symfony), just that we should mention this
somewhere. It's important to mention any potential security issue (even
if it is small) so that developers can take a conscious decision.
On 10/17/16 11:21,
Using this standard, people can know what packages you are using because of
its predictable paths. Some packages are running server-side code as well
as exposing public assets.
I said (in the comments of the gist) that exposing stuff is the
responsibility of the developer. I’m sure some
Hi All,
I've been dragging my feet a bit on getting this survey completed and put
out there, but I think we're now ready to get some real feedback. We will
be accepting responses to this survey for about the next two weeks. I'm not
going to be super specific about the timing of it, but at some
> What we followed was just an array, no other format.
The point is, this requires server-side bootstrapping. I can't add a
new assets without also writing code, so already here you've created a
dependency on some sort of server-side global bootstrapping facility.
I am to keep things simpler than
> Having a direct correlation between the asset paths and the package names
> means that you are leaking some interesting/"sensitive" information for a
> potential hacker.
How so?
The only way I can see your vendor/package name as "sensitive
information", is if you have a very serious security
Hi Rasmus,
Trying to write inline, so I don't miss your question.
> Why do you want the folder name to be named assets itself ?
>
> The folder has to have a name - "assets" seemed like the logical choice.
>
> Perhaps what you're really wondering is, why a single folder and not a
> map like in
On 10/17/16 00:12, Rasmus Schultz wrote:
Why do you want the folder name to be named assets itself ?
The folder has to have a name - "assets" seemed like the logical choice.
Perhaps what you're really wondering is, why a single folder and not a
map like in the Aura library?
Because it's
Hi,
It seems easier to discuss here.
Since this standard focus on publishing client-side assets. I think, assets
pipeline and directory structure are out of scope for this standard.
I also commented the gist (
Hey Rasmus,
Interesting!
I have a few questions. It seems you are looking to keep the spec as simple
as possible. But how do you plan to work with more complex "asset pipes"
like minifying / concatenating / compiling LESS/SASS files...?
Also, @webmozart tackled the same problem in a very
> Why do you want the folder name to be named assets itself ?
The folder has to have a name - "assets" seemed like the logical choice.
Perhaps what you're really wondering is, why a single folder and not a
map like in the Aura library?
Because it's simpler. A map would require more than a
11 matches
Mail list logo