Ah, interesting. So in principle they wouldn't leave a VLC or Media player with a big bug out there for long. The VLC of Mint is actually older (3.0.20-3build6) and it also looks like it was backported 3 times. I thought they were the same as Ubuntu but apparently not.
I understood they backport security updates, but is that also for apps in the software manager? For example: Currently I am using Mint. The VLC version there is 3.0.20, which is 2 years behind (current is 3.0.23). According to the releases of VLC, it indicated security fixes. Do these get fixes within the old number or are they neglected? What do you think? I concur, by the way, with what you say related to rolling distro vs stable.
And I never worried one time in my life about exploits in media files, it’s just extremely unlikely that between the time a 0day is discovered, and your system is updated (you do update frequently, right?), that torrent is going to exploit some player or media library.
Last time I heard of something like that, it was like 10 years ago, a gstreamer 0day that got quickly patched.
Executable files aren’t going to execute themselves. If you don’t chmod +x them they shouldn’t execute at all even if you click them. I guess it can depend on your system.
I am much more concerned about internet facing applications like a web browser or torrent client.
True, the combination of Media Player exploit + Linux + not patched, it is very unlikely. However, what if he is using a Debian based distro? Those may have a couple-of-years-old version of VLC installed in the package manager for example...
I like the post, and have experienced similarly after moving to GOS. What I also like is I could put some apps that I still need (but don't really like) just in case in a Private Space (e.g. WhatsApp, or banking), this way it is always closed and I just check it once a day, with a specific purpose. No notifications from there whatsoever. Most people (the important ones anyway) know they can reach out immediately if needed via Signal.