So the trick is to use the #fragment
part of the URL, that is not sent to the server.
Of course the JS one downloads from the server could easily upload it to it, so you still need to trust the JS.
So the trick is to use the #fragment
part of the URL, that is not sent to the server.
Of course the JS one downloads from the server could easily upload it to it, so you still need to trust the JS.
If you want to have multi-host redundant storage at home (via e.g. minio or ceph), S3 is a pretty good protocol to provide it.
S3 is nice in the way it’s not a file system so it can have relaxed semantics, while also providing secure access to individual files over HTTPS via URL signing.
Some people seem to be stuck in the idea that S3 means cloud hosting. Not sure if that was your view, but it’s worth spelling out sometimes.
Papermerge version 2.0, version 2.1 and version 3.0 are entirely different and incompatible applications.
That doesn’t exactly inspire confidence in the future versions of this application, given in particular the use case of long-term document archival :).
In theory, yes. But if you follow the link and that leads to downloading the JS and running it, you’re already too late inspecting it.
And even if you review it once (and it wasn’t too large or obfuscated via minification), the next time you load a page, the JS can be different. I guess there could be a web browser extension for pinning the code?
The only practial alternative I know of is to have a local client you can review once (and after updates).