Performance is not the goal, but cleaner code and more manageable code. But both will ultimately lead to better performance. As of now it was basically impossible to change something in the database structure since it was hard to estimate the impact of it.

… and may also break compatibility with previous 10.Y releases if required for later cleanup work.

If you read through the whole paragraph, it is clear that they mean the compatibility of previous jellyfin versions.

Also, again:

Note however that the 10.Y.Z release chain represents the “cleanup” of the codebase, so it should be accepted that 10.Y.Z breaks all compatibility,

That means that the code is not cleaned up with that release.

If you would release 11 before the code is considered cleaned up, you would basically break your own defined versioning convention. That is best decided by the active maintainers.

Consider the 10.y.z simply to be 0.y.z and everything works out.

Jellyfin inherited a lot of shitty code and architecture from emby. They simply cannot guarantee anything across patches until it is sorted out.

imho much better then releasing major version after major version because the break stuff regularly.

Also for internal use. The original emby source used not within the code base standardized database access.

Basically changes to the database were not possible since finding references across the code base which part uses which values was impossible.

Note however that the 10.Y.Z release chain represents the “cleanup” of the codebase, so it should be accepted that 10.Y.Z breaks all compatibility,

Its right there at the link you posted.

Tailscale offers way more then just wireguard. ACLs, NAT traversal etc. etc.

While some use cases can be replaced with traditional wireguard, others not.

Really surprised about this. I am using syncthing now for many years on various devices and never encountered issues with it. And also, file sync is not a backup solution.

cve-2021-3156 heap overflow in sudo. roughly 10 years long in sudo. Allowed privilege escalation. It was huge.

Still the same but afaik they now somewhat support running zfs

I only can assume: 1.5 months rounded up, using 31 days a month 31+16=47

So you get half a month to realize that your monthly automated renewal is broken?

Most comments here suggest 3 things

1. least privilege: Which is ok, but on a Server any modification you do requires root anyway, there is usually very little benefit
2. Additional protection through required sudo password: This is for example easily circumvented by modifying the bashrc or similar with an sudo alias to get the password
3. Multiuser & audittrails: yes this is a valid point, on a system that is modified or administered by multiple ppl there are various reasons lime access logging and UAC for that

An actual person from the pen testing world: https://youtu.be/fKuqYQdqRIs

Nope, not really. The only reason ppl recommend it is, because “you have then to guess the username too”. Which is just not relevant if you use strong authentication method like keys or only strong passwords.

I don’t use browser extensions and I manually copy/paste my passwords to fill in entries.

On most systems copy pasting is heavily insecure since a lot of processes have access to the clipboard. autotype and thinga like browser extensions are considered more secure.

Just because there is no update does not mean there are security vulnerabilities to worry about, or do you have a specific one that is not fixed?

The attack vector seems very narrow to me. It checks the container registry downloads the containers and runs some docker commands.

It has no interface, so in order to attack it you either have to compromise the container registry (but then it would be easier to compromise the containers you download) the secure connection used to download the containers (https is quite stable) or something on the server side.

Also the project does not really look that abundant to me.

EDIT: So i have not checked this, but watchtower is probably using docker for most steps anyway? So basically the only thing that could be attacked is via the notifications watchtower is sending?

Years out of date

What problems does it have? Never ran into an issue for my usecase.

Automatic updates. Works like a dream. Depending on what you are running it can obviously cause issues, either server side breaking or server,client communication issues

Tbf, winget is a god sent and works surprisingly well, took them what? 30 years to get it done?!

Just today I logged into a Workstation at work, just to see 2 versions of Teams being auto launched. And no, no one installed 2 Versions, it was Windows.

Yep. The difference is simply put just ppl are used to the quirks on Windows but not on Linux.

Not necessarily traffic. Often download sites use mirrors to serve you the download. Sometimes those links are provided via a CDN which can be forced to comply to LEA or some other static hosted mirrors which are often hosted by others. The second part is more likely on community managed software.

So either traffic or the server/CDN behind the link. Happened before.