Comment by doctorpangloss

2 months ago

What evidence is there that Deno's "security and isolation" works?

It's their application, yt-dlp can use whatever it wants. But they made their choices for stylistic/aesthetic reasons.

What evidence is telling the opposite?

Scripts use V8 isolation, identical to Chrome. When it comes to the rest, we can only trust or review it ourselves, but it is certainly better than nothing in this context.

  • Identical to Chrome except the part where Chrome uses OS-level sandboxing on top. V8 exploits are common; Deno sandboxing by itself is not a good idea if you are executing arbitrary code.

    • We are comparing to a situation where the alternative is nothing. Maybe we should just remove locks from the doors because someone has lockpicked a door somewhere.
