Brother we have the opposite problem. You are not putting yourself in my shoes, or other people like me.

Bold claim. But no i am putting myself in your shoes and yes there was also a time were i tried to work around to host mail myself. But its easy and no headache to set up.

None of those things are necessary. Like I don’t even have email configured on my server because I don’t need it at all except when the developer unnecessarily integrates it to the extent that it breaks it.

Depending on the view, a functioning service something like password reset is necessary. To design the software that it can ship without functioning password can or cannot make sense, depening on the design choices. Depending on what else got send via e-mail designing the software around that can be challenging and burdening for the future of developing.

If the setup required you to setup e-mail, the software and then also the developer can always assume there is a communication path to the individual user.

As i said, it can and cannot make sense, but saying

That makes no sense.

and not even trying to put yourself into other shoes just does not make sense.

Why wouldn’t you give users the option to not use it?

Since then you would need to have another way to achive the goals e-mail does. Like password resets, user invitations etc. Thats all software burden for that one user that does not want it.

Setting up email is a pain in the ass, costs money, is dependent on 3rd parties, violates privacy, and is just completely unnecessary.

None of these i would actually say. To work around it you can just simply set up local reachable postfix. Done. You can setup a complete local mail server, with a few clicks.

Choose the software you want to use wisely and dont jump to the first solution you find when you are that licky about your requirements. If you are ao reluctant about e-mail and the service requires it, then maybe the design goals of the software do not fit your goals.

They went with OpenDesk, which uses Nextcloud as Cloud System.

Where have you read that they are going to switch to OpenCloud?

Yes. There are enough signed and exploitable Windows Boot loader which you can use to boot anything you want.

And for containers auto updates once every day.

Got apticron set up on my servers or similar solutions to get notified when updates are available. Then usually, from time of notification +1 or 2 days.

Luckily thanks to their licensing model they basically cannot. Immich has according to github as of now 1606 contributors. Changing the license so that there could even be a proprietary fork would require basically the ok by every contributor (that made a relevant code contribution)

It usually is the directory where you execute the docker compose command.

And which one of those are actually vulnerabilities that are exploitable? First, yes ofc unauthenticated endpoints should be fixed, but with those there is no real damage to be done.

If you know the media path then you can request a playback, and if you get the user ids then you can get all users. That’s more or less it.

Good? No. But far from making it a poor choice exposing it.

If you are using arch and do not subscribe to the rss feed, then it is on you. As described here: https://wiki.archlinux.org/title/System_maintenance#Upgrading_the_system

deleted by creator

Performance is not the goal, but cleaner code and more manageable code. But both will ultimately lead to better performance. As of now it was basically impossible to change something in the database structure since it was hard to estimate the impact of it.

… and may also break compatibility with previous 10.Y releases if required for later cleanup work.

If you read through the whole paragraph, it is clear that they mean the compatibility of previous jellyfin versions.

Also, again:

Note however that the 10.Y.Z release chain represents the “cleanup” of the codebase, so it should be accepted that 10.Y.Z breaks all compatibility,

That means that the code is not cleaned up with that release.

If you would release 11 before the code is considered cleaned up, you would basically break your own defined versioning convention. That is best decided by the active maintainers.

Consider the 10.y.z simply to be 0.y.z and everything works out.

Jellyfin inherited a lot of shitty code and architecture from emby. They simply cannot guarantee anything across patches until it is sorted out.

imho much better then releasing major version after major version because the break stuff regularly.

Also for internal use. The original emby source used not within the code base standardized database access.

Basically changes to the database were not possible since finding references across the code base which part uses which values was impossible.

Note however that the 10.Y.Z release chain represents the “cleanup” of the codebase, so it should be accepted that 10.Y.Z breaks all compatibility,

Its right there at the link you posted.

Tailscale offers way more then just wireguard. ACLs, NAT traversal etc. etc.

While some use cases can be replaced with traditional wireguard, others not.

Really surprised about this. I am using syncthing now for many years on various devices and never encountered issues with it. And also, file sync is not a backup solution.

cve-2021-3156 heap overflow in sudo. roughly 10 years long in sudo. Allowed privilege escalation. It was huge.