[vlc-devel] [PATCH 2/2] playlist/fetcher: do not ignore metadata scope when downloading art

[Pierre Ynard]

> AGAIN, for the sake of security and privacy, there is NO difference
> between the art URL, and any other contained external reference.
> Playlists, segmented streaming manifests, HTTP redirections, MP4
> redirections, etc. present the exact same security and privacy risks:

> You can add an option to disable that if you feel like it. But that is
> definitely not what the network access option was about.

Yes please :( I think that at least for file formats expected to be used
as local, self-contained files (so MP4), it would be important to limit
such features to necessary cases to maintain support, check and restrict
against abuse, and/or subject them to an option disabled by default.

-- 
Pierre Ynard
"Une âme dans un corps, c'est comme un dessin sur une feuille de papier."