| ▲ | embedding-shape 11 hours ago | |||||||
The original point was this: > > IMO it seems like it should safe to trust code being served by Google on the official Youtube domain Which came from a misunderstanding about where the downloadable solver script comes from, as it doesn't come from youtube.com, it comes from github.com (yt-dlp org), I was just correcting that misunderstanding. > You can’t very well run yt-dlp without trusting yt-dlp code. That makes a ton of sense and I agree! I'm not sure how that is related to anything though? I download yt-dlp from Arch repositories, so yes I'm trusting Arch maintainers and of course yt-dlp developers. Then I'm adding a manifest which controls what this application can actually access, which is basically a VM config, where I define that it can access youtube.com (and a bunch of other sites I mirror/archive). This is the part that shouldn't have github.com/* access. Again as mentioned, not a big issue, plenty of workarounds, so not the end of the world. | ||||||||
| ▲ | Wowfunhappy 10 hours ago | parent | next [-] | |||||||
> Which came from a misunderstanding about where the downloadable solver script comes from, as it doesn't come from youtube.com, it comes from github.com (yt-dlp org), I was just correcting that misunderstanding. But that script is ultimately running a JS challenge from Youtube, right? That’s why we actually needed a JS runtime in the first place. | ||||||||
| ||||||||
| ▲ | imnewton 4 hours ago | parent | prev [-] | |||||||
Restricting or sandboxing software is something I've been looking into recently. Would you mind sharing what you use and possibly an example as well? Perhaps an example for yt-dlp? | ||||||||