this post was submitted on 17 Sep 2024
458 points (99.1% liked)

Open Source

31713 readers
113 users here now

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

founded 5 years ago
MODERATORS
 

I had no idea this issue had been identified. While I find this tool very useful, the project is seeming rather questionable to me now.

(page 2) 50 comments
sorted by: hot top controversial new old
[–] MigratingtoLemmy@lemmy.world 12 points 3 months ago* (last edited 3 months ago) (1 children)

Need to compare hashes between a stock ISO and one ~~flashed~~ booted by Ventoy (dd the latter to a file and check)

[–] pokexpert30@lemmy.pussthecat.org 4 points 3 months ago (1 children)

Wat? Ventoy doesn't flash isos, it boots from them

load more comments (1 replies)
[–] jsomae@lemmy.ml 11 points 3 months ago (4 children)
[–] boboblaw@hexbear.net 5 points 3 months ago

Binary Large OBject

load more comments (3 replies)
[–] ulterno@lemmy.kde.social 9 points 3 months ago

I like multiboot. Used it back when I used Windows.
The Ventoy advertisements on Reddit looked too suspicious, so I never checked it out.

[–] sorter_plainview@lemmy.today 9 points 3 months ago* (last edited 3 months ago) (4 children)

This is a bit absurd. I really don't think this is as serious as some comments say. Also there is a comment from AUR package manager which explains more details. . And even the blobs in the first post there are source and build instructions in their respective folder.

load more comments (4 replies)
[–] pokexpert30@lemmy.pussthecat.org 8 points 3 months ago

I just wish it had a real alternative. GRUB on USB doesnt support as much distros or windows.

[–] TinyShonk@lemmy.world 8 points 3 months ago (2 children)
load more comments (2 replies)
[–] Rentlar@lemmy.ca 7 points 3 months ago

It's a useful tool, but there is a security concern for anything not fully open source. You will have to weigh your risk factors, I doubt that it's any problem for most consumers or distro hoppers.

Best to keep an eye in case any new contributers arrive suddenly...

[–] MonkCanatella@sh.itjust.works 7 points 3 months ago (1 children)

I've had too many issues with Ventoy that I'd rather just use fedora media writer or balenaetcher for when that doesn't work. I mean honestly it's a bit gimmicky, even if it's a cool concept. I believe Glim and some other options exist too

load more comments (1 replies)
[–] unionagainstdhmo@aussie.zone 3 points 3 months ago (5 children)

I haven't read to far into this but the issue is completely devoid of contributors and maintainers. I find the wording of the issue quite concerning:

Due to the recent XZ-Utils drama I checked the code and I'm appalled. There are more BLOBS than source code. https://github.com/ventoy/Ventoy/tree/3f65f0ef03e4aebcd14f233ca808a4f894657802/cryptsetup https://github.com/ventoy/Ventoy/tree/3f65f0ef03e4aebcd14f233ca808a4f894657802/Unix/ventoy_unix https://github.com/ventoy/Ventoy/tree/3f65f0ef03e4aebcd14f233ca808a4f894657802/DMSETUP

There is no reason to have those not be build in the release process. Of course it's convenient, they are prebuild, it's fast and nobody has a problem with it.

Recent events however showed that these BLOBs can contain everything and nothing. The build instructions would not produce the exact same executable for everyone. It's better to have GitHub build it on-push and use them out of the build cache.

I would do it myself, but unfortunately I'm not familiar enough with the Ventoy build process to actually do it. I understand that removing BLOBs isn't a priority over new and shiny features. But due to recent events, this should be rethought.

Thank you for reading this and I hope for a productive conversation

This is free software, they don't owe you anything and this kind of language sounds angry and entitled. You can't just Gordon Ramsay on someone else's codebase.

[–] bleistift2@sopuli.xyz 10 points 3 months ago (5 children)

I cannot fathom what in this issue description gives rise to your concern. It’s worded very calmly, clearly explaining why the author thinks these BLOBs shouldn’t be there, expressing an understanding that it’s not a top priority and even closing with a thank you.

load more comments (5 replies)
[–] interdimensionalmeme@lemmy.ml 3 points 3 months ago (2 children)

Actually you can and should Gordon Ramsey all over it. It is the duty of audience members to express how they feel honestly about the artwork.

Open Source can and do understand that and open source software becomes better for it.

load more comments (2 replies)
load more comments (2 replies)
load more comments
view more: ‹ prev next ›