Date: Wed, 11 Mar 2026 18:36:02 +0000
From: Alexey Dokuchaev <danfe@freebsd.org>
To: Daniel Engberg <diizzy@freebsd.org>
Cc: Joel Bodenmann <jbo@freebsd.org>, ports-committers@freebsd.org, dev-commits-ports-all@freebsd.org, dev-commits-ports-main@freebsd.org
Subject: Re: git: bd7b11985eec - main - multimedia/mpv: Disable YTDLP option by default
Message-ID: <abG2EkCKRsq4CHYB@FreeBSD.org>
In-Reply-To: <d1f34041-a5a0-4862-ad8a-1c4b240d9420@FreeBSD.org>
References: <69b1a7b2.19334.3d329555@gitrepo.freebsd.org> <abGtA0sg5RrBlJBY@FreeBSD.org> <d1f34041-a5a0-4862-ad8a-1c4b240d9420@FreeBSD.org>

On Wed, Mar 11, 2026 at 07:05:52PM +0100, Daniel Engberg wrote:
> On 2026-03-11 18:57, Alexey Dokuchaev wrote:
> > On Wed, Mar 11, 2026 at 05:34:42PM +0000, Joel Bodenmann wrote:
> > > commit bd7b11985eecd759e36eb1f40b52eeb494b30493
> > >
> > >   multimedia/mpv: Disable YTDLP option by default
> > >
> > >   The www/yt-dlp dependency now requires npm and deno as
> > >   dependencies (via www/py-yt-dlp-ejs). This pulls in a
> > >   bunch of build and run dependencies [...]
> >
> > Not sure why yt-dlp folks suggest oxidized deno by default; it works
> > just fine with `lang/quickjs' (written in C) which is also maintained
> > by yuri@ BTW.
>
> The answer is [QuickJS does not fully allow executing files from stdin,
> so yt-dlp will create temporary files for each EJS script execution.
> This can theoretically lead to time-of-check to time-of-use (TOCTOU)
> vulnerabilities.]

This but in plain C is way more sane and preferable than anything which
requires rust and/or npm.

./danfe
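
Added example, not part of the original message and not yt-dlp's or QuickJS's code: a Python sketch of how a caller that must hand a script to an interpreter by path (because stdin is not usable) can stage the temporary file so the TOCTOU window mentioned in the quoted text is as small as possible. The function names, the "ejs-" prefix and the "script.js" file name are hypothetical.

```python
import hashlib
import os
import stat
import tempfile


def stage_script(source: bytes):
    """Write `source` into a fresh private directory (hypothetical helper).

    Returns (workdir, path, fingerprint) for a later re-check."""
    # mkdtemp creates a uniquely named directory with mode 0700, so other
    # local users cannot create, rename or replace entries inside it.
    workdir = tempfile.mkdtemp(prefix="ejs-")
    path = os.path.join(workdir, "script.js")
    # O_EXCL fails if the name already exists; O_NOFOLLOW refuses a symlink.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(source)
        fh.flush()
        st = os.fstat(fh.fileno())
    fingerprint = (st.st_dev, st.st_ino, hashlib.sha256(source).hexdigest())
    return workdir, path, fingerprint


def verify_staged(path: str, fingerprint) -> bool:
    """Re-check the path just before passing it to the interpreter.

    This is itself a check-then-use step: the interpreter still opens the
    file by name afterwards, so the private directory is the real barrier
    and this check only detects tampering that has already happened."""
    dev, ino, digest = fingerprint
    try:
        fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    except OSError:
        return False  # missing, or replaced by a symlink
    with os.fdopen(fd, "rb") as fh:
        st = os.fstat(fh.fileno())  # stat the opened file, not the name
        if not stat.S_ISREG(st.st_mode) or (st.st_dev, st.st_ino) != (dev, ino):
            return False
        return hashlib.sha256(fh.read()).hexdigest() == digest
```

A process running as the same user can still swap the file between the check and the interpreter's own open; feeding the script over stdin avoids the named file altogether, which is the reason given in the quoted text.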
