This is terrible advice, even if I assume you are also using a key-file on a removable usb. An attacker can brute force decrypt your db. There is no rate limiting when you literally have the database file, they could replicate it across thousands of servers each with dozens of cores, each core trying a dozen keyphrases per second. That’s assuming a motivated attacker like a government or crypto scammers, but why open yourself to that possibility?

You can just pass the --update flag when invoking yt-dlp. I don’t think the package itself needs to be up to date in order to work reliably.

This was already true for any detention center: immigration, criminal, war. You are responsible for all deaths and injuries of your prisoners, regardless of circumstances, even if a prisoner is suicidal, even if one prisoner hurts another. The fact that they are even trying to deflect blame is abhorrent, regardless of the accuracy.