I posted this below in reply to a similar comment. If you don’t like the way the devs have handled the raising of concerns, then fine, that’s kind of a judgment call and I can’t tell you what you should feel comfortable with. In my limited experience with the Jellyfin devs (including reading through the responses on that thread you linked), I do not personally get the impression that they are downplaying or refusing to correct issues. To me, it seems more like they are prioritizing some issues over others, and the outstanding security issues seem pretty minor for most use cases.

idk the full history, but Joshua’s comment here does not give me the impression of devs that are just deliberately ignoring security issues. It seems like they are simply balancing priorities, which is what all good devs should do. Personally I like that client compatibility is valued over everything else - I would be pissed if they broke the Fire TV client to fix a minor security hole on a niche Linux distro, because then one of my users would be SOL. And as Joshua says in that comment:

many other options are now open to us in a post-10.11 landscape now that we have a proper library database ready.

So it seems like now they are better set up to address the security issues without breaking compatibility.

So, I am not going to deny that those security issues exist, but it seems like they would only pop-up in niche situations, or only if someone already had access to your admin profile. Most people are using Jellyfin to share their media with themselves and their tech-illiterate friends in family. In that use case, the only people who even know my server URL are people I have shared that info with privately. Nobody is trying to hack my admin account.

Now, I am no infosec expert. Maybe there are folks that are trying to run larger operations, and for those people I can understand why these security issues may become concerning if you don’t have a tight handle on the circle of people that have access to your server. That said, it’s also a bit silly to expect a free, open source solution to meet your needs in that scenario, anyway. If you know and understand the issues that well, then maybe go join the dev team and patch the holes. That is the beauty of open source, anyone can jump in and fix it.

Setting up a reverse proxy and dynamic domain is not one click

Maybe not for the server administrator, but for users, it’s mega easy. Download Jellyfin app on TV. Enter URL for server. Login like a normal streaming service. Done. As far as I know, Plex requires these same steps, so if Plex works for your 89 year old grandparents, Jellyfin would as well.

Jellyfin has also yet to resolve the unsecured api

In what way is the API insecure? What types of attacks are you concerned about?

such as…?

Until jellyfin can be 1 click accessed from anywhere securely over clear net it’s not a replacement.

It can be, speaking from extensive personal experience. I followed their Reverse Proxy guides, now my tech-illiterate friends access my server over https via a duckdns url.

is there some security incident you have in mind involving jellyfin?

Well, neither of us have played it, so neither of us is really in a position to say whether the game is great or not. But that trailer seemed pretty damn spooky and unsettling to me, seems like the dev knows what they are doing. But again, I’m just going off that trailer in the article. Totally fine if this brand of horror is not your cup of tea, though.

as all great horror is.

to me it feels more like the other shoe has dropped on the censorship stuff that was hitting Steam a few months ago. I understand how that scene is controversial, and even in a film context I think that one might be too much for most studios. But if this was November 2024, I think Steam would have greenlit this game without a second thought.

it is insane out there for indies. The Steam issue is only part of the picture. Your big indie names like Supergiant and Landfall will keep trucking along because they have enough momentum and cache to ink deals with investors. But the smaller studios that are just getting off the ground? Investors have become very averse to signing with those teams, because they only see things in terms of ROI. It’s such a risky bet, and even if everything works out, the tiny payday is not worth it to these types. It is more lucrative to just invest that money in index funds.

Everyone says “it’s okay if AAA gaming collapses, we’ll still have indies to save us”, but we won’t have indies to save us for much longer if there is no funding out there for new studios.

Sure, “it doesn’t have a main quest” is a splashy way of saying “we’re doing a BOTW-style game structure”. But I’m totally down for a dark and gritty BOTW, that sounds like a fresh take to me.

most of my Skannerz memories are of scraping the thing back and forth on the back of tissue boxes until the barcode rubbed off, bc the things were not great at actually scanning barcodes.

I think it has surpassed all those consoles at this point in their life cycles. Or at least it did, maybe it is sliding in that metric.

It’s kind of the last slice they have left for gaming. Windows remains the de facto platform for PC gaming. It’s not as big as the segments you are describing, but it’s critical to Xbox’s near future plans. If they lose that advantage in gaming (Linux gaming is on the rise), Xbox becomes just another third-party publisher in the games space.

He says it like no one has seen the party trick yet. Like, yeah dude, we were all impressed with it in 2022. Then we learned that it’s all smoke and mirrors.

did you supply an FAQ for your comment? wow, incredible

maybe it worked like that at one point. it’s clear that it no longer works that way, not when the “innovators” also control all the levers of the economy. Everything is a pump-and-dump scheme these days.

Finally, an actually beneficial use case for AI. This is what this technology is good for, pattern predictions based on ridiculously large datasets. But noooo it’s new technology so everyone wants to use it to make themselves rich. I hate this world.

If no one is buying new games, that is bad for Sony and bad for the industry. Part of Sony’s business model is built around the revenue from digital game sales and PS plus memberships. You ain’t makin money from those if no one is using the consoles they bought.