[dmix]

Having themes work across multiple major platforms is a boon for theme designers (and people creating blogs). It's a great idea to standardize it as much as possible.

> John's own screen shot shows that we don't load it "from Ghost’s own CDN", it comes from jsDelivr

That bit was the strangest part of the accusations, this is the Ghost CEO, he should know jsDelivr is not really "their" CDN but a generic asset host.

> "However, directly loading scripts from our CDN on their platform is very bad for security." https://twitter.com/JohnONolan/status/1602330410490396672

jsDelivr is meant exactly for this purpose though, isn't it? For JS files to be reused across different sites so it can be cached easier? Not locking versions is the only real issue here.

[bakkoting]

Note that caching resources across sites isn't really a thing anymore. See https://github.com/whatwg/fetch/issues/904

[dmix]

TIL, makes sense from a (very limited) security perspective.

CDN caching was never that useful anyway, non-cached jQuery etc downloads fast these days. Publishing libraries on a centralized public CDN, where the same URL is used across different sites is still the primary value prop for jsDelivr regardless.

[skykooler]

> non-cached jQuery etc downloads fast these days.

...If you have a fast internet connection, which is what all web devs seem to expect these days. jQuery etc are still just as big and heavy as ever.

[cjbest]

Yes this is how we see it. And we've fixed the version lock thing.