Loading ...
Sorry, an error occurred while loading the content.

Re: [json] Re: IMPORTANT: Remove this line from json2.js before deployment.

Expand Messages
  • Leen Besselink
    ... Hi Andrea, I think you are forgetting that the (current) json.org website is probably just a shared-hosting account. So that probably means it s not as
    Message 1 of 9 , Dec 14 3:36 AM
      On 12/13/2009 09:34 PM, Andrea Giammarchi wrote:
      > Just to underline another thing:
      > On Sun, Dec 13, 2009 at 6:38 PM, Douglas Crockford
      > <douglas@... <mailto:douglas%40crockford.com>>wrote:
      > >
      > > The point I was making was that if you care about reliability, security,
      > > and performance
      > >
      > >
      > reliability ... they are including the de facto official JSON library for
      > JavaScript
      > security ... they trust your implementation and they trust the fact
      > you keep
      > updating it
      > performances ... they are using a potentially "common used external
      > resource" so if the browser cached already that version performances
      > will be
      > better for every website that includes it plus they are saving bandwidth.
      > As you can see somebody could think that your points ARE the reason they
      > included JSON via the direct source, rather than their local copy
      > potentially non updated and served even if almost every browser has stored
      > somewhere exactly the same library.

      Hi Andrea,

      I think you are forgetting that the (current) json.org website is
      probably just a shared-hosting

      So that probably means it's not as reliable as something Google or Yahoo
      might do for some of the js-libraries.

      Performance-wise it would be really bad if everyone started hotlinking
      to just that one (or maybe 2 or 3) server(s) as well.

      Security-wise, something like the CDN-like setup Google and Yahoo are
      doing have a lot of save-gaurds,
      like monitoring tools and employees for file-changes. Seperate dedicated
      datacenters or atleast 'cages' of
      dedicated 19"-racks of servers. And not to forget procedures.

      While I do think getting automatic updates of json[2].js would be really
      interresting, because it's a very
      security-sensitive library.

      So in the current situation, it's a really bad idea.

      > So, finally, I would think about a proper specific server or an official
      > repository Github style so that people than use the raw minified and
      > gzipped
      > version with the 304 response, but if you think nobody should ever include
      > external scripts, you should tell us why we all have YUI configurator
      > scripts, google adsense/analytic files, etc etc.

      Yes, I think some people would love to see Yahoo add json[2].js to their
      list of js-libraries
      they are already hosting on their own CDN (I think Google has a whole
      list of libraries).

      But maybe Mr. Crockford does not want his personal project to be tied to
      his (current)
      employer or Google. I don't know their, could be many reasons.

      > Regards
      > [Non-text portions of this message have been removed]
    Your message has been successfully submitted and would be delivered to recipients shortly.