Comments (7)
> I would say Guideline as a minimum.

Yep, sorry, I mixed up the order of guideline and suggestion. I have them straight on the review comments, since they are in order there.
from home.
@TheCakeIsNaOH what level would you see this rule being added at? Would it be a suggestion, meaning that it doesn't "need" to be adhered to, or would this require the package to be pushed back to the maintainer to fix?
from home.
@gep13 just chiming in.
IMO, as not using a rawgit URL is a strong suggestion, I would say that perhaps the Guideline section would be the most appropriate in this case
from home.
@gep13
That's up for debate IMO.
GitHub definitely does not want people using assets directly from GitHub raw:
https://github.blog/2013-04-24-heads-up-nosniff-header-support-coming-to-chrome-and-firefox/
So I'd tend to say start at a guideline, and move up to a requirement at some point.
> IMO, as not using a rawgit URL is a strong suggestion,

Then maybe we could move that up to a suggestion as well? Edit: Ignore this
from home.
For new packages this is a requirement for me so I'd suggest we make it a requirement across the board. GitHub don't want it. Chocolatey doesn't want it. Would make sense.
The solutions to this issue are trivial so we're not putting anything in people's way.
from home.
> Then maybe we could move that up to a suggestion as well?

I would say Guideline as a minimum.
You have
- Requirements (more or less mandatory to push back to maintainers).
- Guidelines (strong suggestions that maintainers need to consider for the next version of a package if applicable)
- Suggestions (optional items that can be added to enhance the package)
- Notes (can depend on the circumstances, but usually similar to requirements if applicable).
At least those were true when I was added as a moderator.
> For new packages this is a requirement for me so I'd suggest we make it a requirement across the board. GitHub don't want it. Chocolatey doesn't want it. Would make sense.

I agree, for new packages, it definitely should not be used.
For existing packages, I would say it should be fixed for the next version (which is why I say to add it as a Guideline).
TBH, not sure if GitHub is still on the same stance anymore, not after they improved the CDN caching for those links (I think even NuGet encouraged the use at 1 point. I don't think they still do, though).
from home.
I've thought about this more and here is how I think it could work:
- If the domain is: github.com, githubusercontent.com, rawgit.com
  Then fail the validator, with a requirement to switch away from those.
- Else If the domain is: jsdelivr, statically, githack (etc, need to fill this out)
  Then pass the validator, no issue
- Else
  Then put out a note that the review should check that the icon is at a location under the maintainer's control (e.g. another cdn, or if the maintainer is also author then the software website would be fine, etc)
from home.
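
The three-way check proposed in the last comment, sketched in Python as an added example; it is not code from the thread or from the Chocolatey validator. The function name is hypothetical, and the CDN domains `jsdelivr.net`, `statically.io` and `githack.com` are assumptions, since the comment gives only short names. Hosts are matched on the parsed hostname, so a look-alike domain or a denied name placed in the path or userinfo cannot change the verdict.

```python
from urllib.parse import urlsplit

# Hosts the comment says must fail validation.
DENIED = ("github.com", "githubusercontent.com", "rawgit.com")
# The comment names these CDNs only as "jsdelivr, statically, githack (etc)";
# the domains below are this example's assumption about what they map to.
ALLOWED = ("jsdelivr.net", "statically.io", "githack.com")


def _host_in(host, domains):
    # Exact host or a true subdomain; a substring test would also match
    # "notgithub.com" or "github.com.example.org".
    return any(host == d or host.endswith("." + d) for d in domains)


def classify_icon_url(url):
    """Return (verdict, message) with verdict in {"fail", "pass", "note"}."""
    try:
        parts = urlsplit(url.strip())
        # .hostname is lowercased and excludes userinfo and port.
        host = (parts.hostname or "").rstrip(".")
    except ValueError:  # e.g. a malformed IPv6 literal
        host = ""
    if _host_in(host, DENIED):
        return ("fail", f"requirement: move the icon off {host}")
    if _host_in(host, ALLOWED):
        return ("pass", "")
    return ("note", "reviewer: confirm the icon host is under the maintainer's control")


# Constructed sample URLs (not taken from any real package).
SAMPLES = [
    "https://raw.githubusercontent.com/user/repo/master/icon.png",
    "https://cdn.jsdelivr.net/gh/user/repo@abc123/icon.png",
    "https://github.com.example.org/icon.png",
    "https://cdn.jsdelivr.net@raw.githubusercontent.com/u/r/main/icon.png",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(classify_icon_url(sample)[0], sample)
```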