Related: #265
Just small docs update.
koru/Phoenix:docs into dev Related: #265
Just small docs update.
Thank you for submitting this (And apologies for not replying to the related issue sooner - will do so shortly)!!
I really like your changes here, looks much cleaner and more organized IMO :D.
I think my only concerns here are the use of external resources (from repology.org and shields.io). I can understand the appeal, but, due to privacy and security concerns, I think its important to avoid connections to third-party sites from the README like this.
I'm fine if we include them as static files from the repo directly though (But I know this defeats the point for some of them, since some are meant to be dynamic).
But, overall, great work!
68ccafd904
to 574a8eb6fa
I agree that using remote assets in the README.md isn't the best idea from a privacy standpoint, but originally, the goal was to gather statistics independently of the forge platforms. That said, I don't think it's particularly necessary at the moment.
@ivankopylov6603 wrote in #269 (comment):
the goal was to gather statistics independently of the forge platforms
That's fair, and it would indeed be nice (I do like the display of those statistics) - but ultimately I think we always have to put the privacy and security of users above everything else. Ideally, I wish there was some way we could make these embeds click-to-load - so that we could kepe the embeds, but users would be in full control over whether they wish to make these connections to external parties.
Maybe, at some point, we could consider making some kind of separate page/document for the statistics like this? We could then add a link to/banner for it on the README (while warning it will connect to third-parties like repology.org and shields.io). It wouldn't be as clean or ideal/convenient, but might be a decent balance/compromise.
If we did that approach, then if we wanted to, we could maybe even add static versions of the embeds/banners that just link to the relevant part of the separate statistics page?
IDK, these are just some thoughts I'm having/throwing out there.
@celenity wrote in #269 (comment):
@ivankopylov6603 wrote in #269 (comment):
the goal was to gather statistics independently of the forge platforms
That's fair, and it would indeed be nice (I do like the display of those statistics) - but ultimately I think we always have to put the privacy and security of users above everything else. Ideally, I wish there was some way we could make these embeds click-to-load - so that we could kepe the embeds, but users would be in full control over whether they wish to make these connections to external parties.
Maybe, at some point, we could consider making some kind of separate page/document for the statistics like this? We could then add a link to/banner for it on the README (while warning it will connect to third-parties like
repology.organdshields.io). It wouldn't be as clean or ideal/convenient, but might be a decent balance/compromise.If we did that approach, then if we wanted to, we could maybe even add static versions of the embeds/banners that just link to the relevant part of the separate statistics page?
IDK, these are just some thoughts I'm having/throwing out there.
Actually, we could implement statistics using several different approaches:
.svg elements by fetching values from the platforms' APIs, or from something like shields.io, every couple of days. However, this would require either manual updates or a CI/CD actions..md page for stats, but then again, that somewhat defeats the purpose of having visible, at-a-glance statistics.shields.io through our own server, but that still involves contacting an external server, which raises privacy concerns..md file via <iframe>, but this also requires a proxy, and wrapping it in <details> doesn't prevent browsers from caching the content.I think we could consider the first and last options.
@ivankopylov6603 wrote in #269 (comment):
@celenity wrote in #269 (comment):
@ivankopylov6603 wrote in #269 (comment):
the goal was to gather statistics independently of the forge platforms
That's fair, and it would indeed be nice (I do like the display of those statistics) - but ultimately I think we always have to put the privacy and security of users above everything else. Ideally, I wish there was some way we could make these embeds click-to-load - so that we could kepe the embeds, but users would be in full control over whether they wish to make these connections to external parties.
Maybe, at some point, we could consider making some kind of separate page/document for the statistics like this? We could then add a link to/banner for it on the README (while warning it will connect to third-parties likerepology.organdshields.io). It wouldn't be as clean or ideal/convenient, but might be a decent balance/compromise.
If we did that approach, then if we wanted to, we could maybe even add static versions of the embeds/banners that just link to the relevant part of the separate statistics page?
IDK, these are just some thoughts I'm having/throwing out there.Actually, we could implement statistics using several different approaches:
* A Shell or Python script that generates `.svg` elements by fetching values from the platforms' APIs, or from something like shields.io, every couple of days. However, this would require either manual updates or a CI/CD actions. * A separate `.md` page for stats, but then again, that somewhat defeats the purpose of having visible, at-a-glance statistics. * Proxying requests to `shields.io` through our own server, but that still involves contacting an external server, which raises privacy concerns. * Using a click-to-load element in the `.md` file via `<iframe>`, but this also requires a proxy, and wrapping it in `<details>` doesn't prevent browsers from caching the content. * Or, we could simply maintain the statistics in a Markdown table and update it manually.I think we could consider the first and last options.
Interesting, both your first and last options sound plausible to me as well.
But, I do agree with your point earlier:
That said, I don't think it's particularly necessary at the moment.
So I'll go ahead and merge this (since you made your recent changes taking care of the embeds), and we can revisit this later if/as needed.
Thanks again for all your work here (and contributions lately in general)! Very much appreciated.
No due date set.
No dependencies set.
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?