this post was submitted on 17 Sep 2024
442 points (99.1% liked)

Open Source

31272 readers
329 users here now

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

founded 5 years ago
MODERATORS
 

I had no idea this issue had been identified. While I find this tool very useful, the project is seeming rather questionable to me now.

(page 3) 41 comments
sorted by: hot top controversial new old
[–] unionagainstdhmo@aussie.zone 2 points 2 months ago (13 children)

I haven't read to far into this but the issue is completely devoid of contributors and maintainers. I find the wording of the issue quite concerning:

Due to the recent XZ-Utils drama I checked the code and I'm appalled. There are more BLOBS than source code. https://github.com/ventoy/Ventoy/tree/3f65f0ef03e4aebcd14f233ca808a4f894657802/cryptsetup https://github.com/ventoy/Ventoy/tree/3f65f0ef03e4aebcd14f233ca808a4f894657802/Unix/ventoy_unix https://github.com/ventoy/Ventoy/tree/3f65f0ef03e4aebcd14f233ca808a4f894657802/DMSETUP

There is no reason to have those not be build in the release process. Of course it's convenient, they are prebuild, it's fast and nobody has a problem with it.

Recent events however showed that these BLOBs can contain everything and nothing. The build instructions would not produce the exact same executable for everyone. It's better to have GitHub build it on-push and use them out of the build cache.

I would do it myself, but unfortunately I'm not familiar enough with the Ventoy build process to actually do it. I understand that removing BLOBs isn't a priority over new and shiny features. But due to recent events, this should be rethought.

Thank you for reading this and I hope for a productive conversation

This is free software, they don't owe you anything and this kind of language sounds angry and entitled. You can't just Gordon Ramsay on someone else's codebase.

load more comments (13 replies)
[–] independantiste@sh.itjust.works 1 points 2 months ago
[–] Common_Radish_4964@r.nf 1 points 1 month ago

going back to using multiple usb

[–] Dreadful6644@lemmy.world 1 points 1 month ago

Is there an alternative to Ventoy for booting Windows vhd images from an ntfs partition?

[–] TCB13@lemmy.world -3 points 2 months ago (1 children)

Hm, so now people suddenly notice and care about this? lol

[–] capital@lemmy.world 2 points 2 months ago

First I’m hearing of it and I’m starting to question my security given I installed my OS using it.

load more comments
view more: ‹ prev next ›