idk the full history, but Joshua’s comment here does not give me the impression of devs that are just deliberately ignoring security issues. It seems like they are simply balancing priorities, which is what all good devs should do. Personally I like that client compatibility is valued over everything else - I would be pissed if they broke the Fire TV client to fix a minor security hole on a niche Linux distro, because then one of my users would be SOL. And as Joshua says in that comment:
many other options are now open to us in a post-10.11 landscape now that we have a proper library database ready.
So it seems like now they are better set up to address the security issues without breaking compatibility.
There are ways to fix these issues while preserving legacy client support. And honestly I don’t see how changing their database mess would help in solving security issues. In the end they’ll have to change their API to a more secure one, which will definitely disrupt client support for future updates
idk the full history, but Joshua’s comment here does not give me the impression of devs that are just deliberately ignoring security issues. It seems like they are simply balancing priorities, which is what all good devs should do. Personally I like that client compatibility is valued over everything else - I would be pissed if they broke the Fire TV client to fix a minor security hole on a niche Linux distro, because then one of my users would be SOL. And as Joshua says in that comment:
So it seems like now they are better set up to address the security issues without breaking compatibility.
There are ways to fix these issues while preserving legacy client support. And honestly I don’t see how changing their database mess would help in solving security issues. In the end they’ll have to change their API to a more secure one, which will definitely disrupt client support for future updates