Yeah I'm not happy with VLC. I think we should expect some baseline level of basic security when recommending third party apps, and here VLC doesn't offer an official flatpak and the one that is available is basically not sandboxed at all: full filesystem access etc. On macOS, VLC does not use the App Sandbox and has entitlements for JIT and microphone and camera access. Also it's not on the App Store which means no nice autoupdates from there. I really don't want to recommend this when the default media player is better.
Anyone else's thoughts on this? Will consider removing if agreed upon.
And honestly idk how better kodi is anywho so if that's also the case can we even recommend media players?
Surprisingly it seems as if KDE actually bundles VLC into its DE so I digress.
Edit: on flatpak kodi does have better management of its permissions so it's ok to keep it imo.
Edit 2: ok Kodi is worse for Apple devices, it needs jailbreaking to install it which is bad, I actually thought it was on the App Store, we should advise against it for Apple devices. I can't comment for macOS though.
@friadev VLC is on the app store: VLC media player on the App Store
In conclusion I am 50/50 on this.
If you want the macOS version you can't download off the app store, and the version you get from their website doesn't enable the App Sandbox. Also has some weird entitlements like allowing JIT for some reason. The fact that they do have a sandboxed version for iOS tells me they could enable it but they just choose not to for some reason.
And honestly idk how better kodi is anywho so if that's also the case can we even recommend media players?
Kodi at least offers an official flatpak. Looking at their macOS app, they have fewer entitlements like enabling JIT and camera/mic, but they still don't enable the App Sandbox and they disable library validation which is a security feature: Disable Library Validation Entitlement | Apple Developer Documentation
Their flatpak also has a warning about it being potentially unsafe but I'm not familiar with flatpak.
I would prefer somebody open a VLC thread on the forum so we can get more eyes on this than just whoever is looking at PRs.
My 2 cents though:
I think we should consider the context that people are using these media players in. If it's largely trusted content, like media people have ripped themselves, then using tools like this does seem like an improvement to me.
This could actually be a great opportunity to address security issues with media on the site. I think @friadev had a good point that we've seen a lot of vulnerabilities directly caused by esoteric media engines in other apps like Chrome and iMessage. If we recommended tools like VLC we could add a section about these dangers and a warning about running internet content.
I think that this approach would be more educational and useful to readers than simply avoiding the topic of media players on the site.
I'm creating this forum topic to discuss changes being proposed in this PR with the rest of the community, because it is missing a discussion here.
Chrome and iMessage have very strong sandboxing as well so I think this just highlights how important a secure media player is. I'd really prefer educating readers about how to check if an app is sandboxed etc instead of recommending an insecure piece of software with a warning.
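Added example, not part of any post in this thread: one way to check the Flatpak side of the sandboxing question raised above is to audit the metadata printed by `flatpak info --show-metadata <app-id>` for broad grants such as full filesystem access. The sample metadata and the app ID `org.example.Player` are constructed for illustration.

```python
import configparser

# Filesystem grants that expose most or all of the user's files to the app.
BROAD_FILESYSTEMS = {"host", "host-os", "host-etc", "home"}

# Constructed sample in the keyfile format printed by
# `flatpak info --show-metadata <app-id>`; org.example.Player is hypothetical.
SAMPLE_METADATA = """\
[Application]
name=org.example.Player
runtime=org.freedesktop.Platform/x86_64/23.08

[Context]
shared=network;ipc;
sockets=x11;pulseaudio;
devices=all;
filesystems=xdg-videos:ro;host;!xdg-run/secrets;
"""


def _items(parser, key):
    """Split a ';'-separated [Context] value into its non-empty entries."""
    raw = parser.get("Context", key, fallback="")
    return [item.strip() for item in raw.split(";") if item.strip()]


def audit_flatpak_metadata(text):
    """Return a list of findings for permissions that weaken the sandbox."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    findings = []
    for entry in _items(parser, "filesystems"):
        if entry.startswith("!"):  # '!' revokes access, it is not a grant
            continue
        path, _, mode = entry.partition(":")
        if path in BROAD_FILESYSTEMS:
            access = "read-only" if mode == "ro" else "read-write"
            findings.append(f"filesystem:{path} ({access})")
    if "all" in _items(parser, "devices"):
        findings.append("devices:all (all device nodes)")
    return findings


if __name__ == "__main__":
    for finding in audit_flatpak_metadata(SAMPLE_METADATA):
        print(finding)
```

An empty result only means none of these broad grants are present; it does not show that the app is well confined.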
Very huge attack surface, they also had updates not using HTTPS for years. Uses SMB1
As others said, it can be changed, and it is also necessary to keep for compatibility reasons
This is not a concern.
We could add that to our guide and/or tool recommendation to enable a higher SMB version, however
I agree.
Having 8+ rated vulnerabilities every few months is not okay for a non-innovative codebase with little new code added: Videolan Vlc Media Player : Security vulnerabilities, CVEs
What is a "third party app" with respect to Linux?
Because the Flatpak community pissed them off.
(Though to be honest, it sounds like misdirected anger…)
They have a Snap, which offers confinement on Ubuntu. (But apparently it's not official..?)
I can't play my DVDs on any default media player for macOS or Windows. This is a use case VLC satisfies.
I don't actually use VLC because I think it's ugly as sin and has a bad interface. Accordingly, I use mpv.