Sorry, I messed up Ricardo's email address in my previous follow-up, so his reply went to me only. I'm quoting his input with his permission:
Older versions of SMPlayer downloaded a javascript function from > http://updates.smplayer.info/yt.js in order to decrypt a signature, > which it's necessary to play some Youtube videos (mostly music > videos). Newer versions don't do it anymore because now SMPlayer > downloads the original function from a Youtube page. If you consider > this to be also insecure, you can disable it by commenting the line > DEFINES += YT_USE_SIG in smplayer.pro. It seems that I confused the define YT_USE_SIG (which is still enabled) with the define YT_USE_*YT*SIG (which is currently commented out in smplayer.pro). My bad, sorry. I'll add a patch to the debian packaging that disables that shortly. I'm also happy to upload it as soon as I hear back from Mateusz regarding my question(s) about mongoose. Thanks everyone! -- regards, Reinhard
