Open Source

31272 readers

338 users here now

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

Posts must be relevant to the open source ideology
No NSFW content
No hate speech, bigotry, etc

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

founded 5 years ago

MODERATORS

Cloak@lemmy.ml

kevincox@lemmy.ml

CrypticCoffee@lemmy.ml

Lettuceeatlettuce@lemmy.ml

442

Ventoy source code contains some unknown BLOBs, still no word on the issue from the dev after months (github.com)

submitted 2 months ago by SatyrSack@lemmy.one to c/opensource@lemmy.ml

134 comments fedilink hide all child comments

I had no idea this issue had been identified. While I find this tool very useful, the project is seeming rather questionable to me now.

(page 2) 50 comments

sorted by: hot top controversial new old

[–] MigratingtoLemmy@lemmy.world 11 points 2 months ago* (last edited 2 months ago) (1 children)

Need to compare hashes between a stock ISO and one ~~flashed~~ booted by Ventoy (dd the latter to a file and check)

[–] pokexpert30@lemmy.pussthecat.org 4 points 2 months ago (1 children)

Wat? Ventoy doesn't flash isos, it boots from them

load more comments (1 replies)

[–] jsomae@lemmy.ml 10 points 2 months ago (3 children)

What does BLOB stand for?

load more comments (3 replies)

[–] ulterno@lemmy.kde.social 9 points 2 months ago

I like multiboot. Used it back when I used Windows.
The Ventoy advertisements on Reddit looked too suspicious, so I never checked it out.

[–] sorter_plainview@lemmy.today 8 points 2 months ago* (last edited 2 months ago) (4 children)

This is a bit absurd. I really don't think this is as serious as some comments say. Also there is a comment from AUR package manager which explains more details. . And even the blobs in the first post there are source and build instructions in their respective folder.

[–] thingsiplay@beehaw.org 12 points 2 months ago

That linked reply doesn't explain anything. It just says "bro trust him". Just because you and the AUR maintainer says its trustful, does not make it clear whats behind the binary blobs. It doesn't matter what anyone says, if we can't verify. In my opinion, its absurd calling others absurd for not trusting the word of others.

load more comments (3 replies)

[–] MonkCanatella@sh.itjust.works 7 points 2 months ago (1 children)

I've had too many issues with Ventoy that I'd rather just use fedora media writer or balenaetcher for when that doesn't work. I mean honestly it's a bit gimmicky, even if it's a cool concept. I believe Glim and some other options exist too

load more comments (1 replies)

[–] pokexpert30@lemmy.pussthecat.org 7 points 2 months ago

I just wish it had a real alternative. GRUB on USB doesnt support as much distros or windows.

[–] Rentlar@lemmy.ca 7 points 2 months ago

It's a useful tool, but there is a security concern for anything not fully open source. You will have to weigh your risk factors, I doubt that it's any problem for most consumers or distro hoppers.

Best to keep an eye in case any new contributers arrive suddenly...

[–] TinyShonk@lemmy.world 7 points 2 months ago (2 children)

Is BLOB an acronym?

load more comments (2 replies)

load more comments