by inimino 3516 days ago
That's not exactly the same as choosing to use something that is hosted on someone else's server, which they could then subsequently modify now that you are using it in a very high-profile project.

Of course, judging candidates by the code quality of their campaign websites is a rather obscure and somewhat useless pastime.

2 comments

True (on both counts). And yet it's common practice to include libs, fonts, and other bits from third-party sites that the dev has no control over.
It's a stupid and lazy practice. It's common because most web developers aren't exactly highly trained specialists who know what they're doing.
I agree that it's still bad practice. My main objection was to the statement "Since GitHub is for open-source projects, it also meant that any user could submit a request to modify the code and impact Trump’s website". If you don't trust the maintainers' judgement in merging PRs, hosting it yourself isn't a solution (short of reviewing the entire project yourself).
I think the concern here is that the maintainer could subsequently merge a malicious PR knowing who was using the library from GitHub. That wouldn't be an issue if that group was hosting a version themselves (before the maintainer might find out who was using it).