RichardLitt / open-source-protocol

:unlock: Open up web development
https://osprotocol.com
MIT License

What about multiple sources? #20

Closed tYYGH closed 8 years ago

tYYGH commented 9 years ago

This protocol is an interesting idea, even though I don't find that finding the source code is that hard, for sites where a public source does exist.

But what about sites with multiple source codes? Your article mentions finding out about an interesting piece of JavaScript or CSS. What if these are from a different source than the site, for example a dotClear theme? And there's the obvious case where libraries are used that are developed outside the scope of the main site (e.g. jQuery).

RichardLitt commented 9 years ago

Cheers. It's not that hard when it's there, but I'm trying to encourage a mindset of putting your code out in a public setting.

I'm not sure what to do in those cases. Libraries probably shouldn't be tagged, as those customized for the particular website. Neither are externally dropped in themes. I think multiple os:src tags might work here, but I'm not entirely sure.

Do you have a good example in mind?

tYYGH commented 9 years ago

Consider for example visiting a dotClear or Drupal web site.

RichardLitt commented 9 years ago

Hmm. How do other protocols deal with multiple sources of truth? Multiple src tags?

HughP commented 9 years ago

With regard to multiple sources, how do you show plugins? In a WordPress context, we could point to WordPress as the core... but then how do we ID each plugin? If there is a tag present then the site will pass. But that does not mean that all components are accounted for...

Also, how does the identification of source code affect the rapid identification of open security vectors?

RichardLitt commented 9 years ago

I'm not sure. At some point, I think coverage like that is unrealistic, and is going to result in code rot. We could implement an os:plugin:* tag for WordPress sites?

No idea about security vectors, I'm not sure what that means.

RichardLitt commented 8 years ago

I think that the scope of dealing with plugins is too much. The os: tag should really be used for pointing to a single source of truth for where the front-end code lies. Adding on plugins, theming, and framework points would allow greater coverage of all available code, but ultimately falls outside of the scope of the OSP.

Closing. Feel free to reopen if there are questions about this.