How to handle delivery networks like RawGit?
So I'm thinking of the situation here:
- Lazy developer uploads jQuery and/or a bunch of some other resources that are bundled with Decentraleyes to his Github repo.
- He uses RawGit [https://rawgit.com] to serve those resources from https://cdn.rawgit.com in his website. For example https://git.synz.io/Synzvato/decentraleyes/blob/master/resources/jquery/2.1.4/jquery.min.js.dec would be with RawGit https://cdn.rawgit.com/Synzvato/decentraleyes/770e6fb5/resources/jquery/2.1.4/jquery.min.js.dec
The question now is whether there's anything that Decentraleyes can do to address this situation. Maybe adding a preference for optimistically trusting the filename to be what it is (i.e. jQuery.js is indeed the jQuery library and not something else) and serving the resource locally?
The implication are clear from the speed and privacy perspective, but also from the usability perspective since CDN.RawGit.com is blocked in China and hence websites will be broken and this can be solved by serving things locally (for websites using resources bundled by Decentraleyes).
Also feel free to close this issue if there's no possible solution in the present term.