Question, does it solve a lot of what @fria is concerned about in the grand of current recommendations? Like if it includes sandboxing among other things
If anything I don’t want this to be for “Is it secure everything” stuff, I just want the field to be even if you know what I mean.
There is a difference in need of updates based on the nature of what a tool does. A video player isn’t as likely to get a lot of new CVEs especially if the number of libraries is limited.
Generally it is always a good question to ask tho. Updates are important. But given we see releases still being brought out and work is still being done on it in this case I see no reason to doubt they wouldn’t issue a new version when needed.
Also please note that list of bullets is copied from their GitHub… I should put it in quotes but the template didn’t help me here.
I’ve been using this for the last couple of months and it has been awesome.
Regarding releases being slow, there is work being done as there are constant nightly builds being made. So it’s not like it has been abandoned or anything.
Doesn’t enable the App Sandbox, allows unsigned executable memory, disables library validation, all of which have security warnings from Apple. Pretty disappointing from a macOS-only app. Don’t really want to recommend this unless they fix it. Because of this you also aren’t going to be getting automatic updates from the App Store, although it seems to be going almost a year in between updates anyway so maybe that doesn’t matter so much.
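The three findings in the post above can be read straight from an app's entitlements plist. The following is an added example, not code from the thread or from the app's project; the entitlement key names are Apple's, and the two sample plists are constructed for illustration.

```python
import plistlib

SANDBOX_KEY = "com.apple.security.app-sandbox"
# Hardened Runtime exceptions; each weakens a code-signing protection when true.
RISKY_WHEN_TRUE = {
    "com.apple.security.cs.allow-unsigned-executable-memory":
        "allows unsigned executable memory",
    "com.apple.security.cs.disable-library-validation":
        "disables library validation",
}

def audit_entitlements(plist_bytes: bytes) -> list[str]:
    """Return findings for an entitlements plist, e.g. the output of
    `codesign -d --entitlements - --xml <App.app>` on recent macOS."""
    # An empty dump means the binary carries no entitlements at all.
    ents = plistlib.loads(plist_bytes) if plist_bytes else {}
    if not isinstance(ents, dict):
        raise ValueError("entitlements plist must be a dictionary")
    findings = []
    # The sandbox is opt-in: a missing key is the same as false.
    if ents.get(SANDBOX_KEY) is not True:
        findings.append("App Sandbox not enabled")
    for key, description in RISKY_WHEN_TRUE.items():
        if ents.get(key) is True:
            findings.append(description)
    return findings

def _plist(body: str) -> bytes:
    return ('<?xml version="1.0" encoding="UTF-8"?>\n'
            '<plist version="1.0"><dict>' + body + '</dict></plist>').encode()

# Constructed sample inputs, not dumped from any real application.
WEAK = _plist(
    "<key>com.apple.security.cs.allow-unsigned-executable-memory</key><true/>"
    "<key>com.apple.security.cs.disable-library-validation</key><true/>"
    "<key>com.apple.security.device.audio-input</key><false/>")
HARDENED = _plist(
    "<key>com.apple.security.app-sandbox</key><true/>"
    "<key>com.apple.security.files.user-selected.read-only</key><true/>")

if __name__ == "__main__":
    for name, sample in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_entitlements(sample) or "no findings")
```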
I tried looking around for a better alternative but this was the best I could find, what would you suggest as an alternative with those additional security features?
Unless PG is trying to become a software review site, it should not recommend insecure products. I would rather see a page that says “we cannot recommend a good one, come to the forum to see community preferences” than giving a “This page has good private and secure recommendations similar to other pages on the site” impression.
More to the topic, video players have terrible codebases (FFmpeg and a thousand fixes - gynvael.coldwind//vx.log), and use libraries that are worse, while being hosted in the personal castle of the users (their home network) with access to often unlimited internet and protected by ISP-provided routers (lol). All this means phishing becomes easier (videos are not just films and shows, they are also shared files), shotgun sprayed malware becomes easier, etc.
Additionally, using platform features (not just security features) shows the project is trying to be good software and not just “also ran” software (a trivial example is why I keep Material You design as the base requirement for good Android apps).
No solution is 100% secure, but I think PG shouldn’t peddle the same tired stuff shilled in every FOSS software thread in the name of privacy.