ting0 4 hours ago

Has anyone ever done a proper security audit of VLC that is downloaded from the web? I don't trust it, and the fact that their releases on GitHub don't include binaries makes me trust it even less. Nobody is compiling VLC from source, and they don't provide any sort of provenance from the GH actions pipeline.

kykat 4 hours ago

All Linux distros build VLC from source.

ohhman11 4 hours ago

This seems utterly pointless to worry about. You're fucked either way if you trust VLC.

bloudermilk 4 hours ago

Care to elaborate?

bzzzt 24 minutes ago

Look at the supported formats lists. It includes so many parsers, mostly written in C, which means there probably are a few dozen ways to exploit the player.