Ventoy source code contains some unknown BLOBs, still no word on the issue from the dev after months

https://lemmy.one/post/19193506


I had no idea this issue had been identified. While I find this tool very useful, the project is seeming rather questionable to me now.

I too wish the developer would respond, but I don’t think this is the catastrophe people are making it out to be. One comment seems to explain why these binaries are included:

Because Ventoy supports shim, and by extension secure boot, these files need to come from a signed Linux distro. In this case they are taken from Fedora releases, and OpenSUSE apparently, as they publish shim binaries and grub binaries signed by their certificate.

[issue]: Remove BLOBs from the source tree · Issue #2795 · ventoy/Ventoy

What happened? Due to the recent XZ-Utils drama I checked the code and I'm appalled. There are more BLOBS than source code. https://github.com/ventoy/Ventoy/tree/3f65f0ef03e4aebcd14f233ca808a4f8946...

that’s only a few files out of the 153
153 binaries? where?
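
Added example, not part of the thread and not Ventoy project code: one way to answer "which files are prebuilt binaries, and which of them match a known origin" for any checked-out source tree. The function names and the `reference_hashes` set (SHA-256 digests you compute yourself from files extracted out of the distro packages the blobs are said to come from) are assumptions made for illustration.

```python
import hashlib
import os

# Well-known file signatures for common prebuilt formats.
MAGIC = {
    b"\x7fELF": "elf",
    b"MZ": "pe",  # MZ header of PE/COFF images, the format of UEFI binaries such as shim and GRUB
    b"\xfd7zXZ\x00": "xz",
    b"\x1f\x8b": "gzip",
    b"PK\x03\x04": "zip",
}

def classify(path):
    """Return a format label if the file starts with a known binary signature, else None."""
    with open(path, "rb") as f:
        head = f.read(8)
    for magic, label in MAGIC.items():
        if head.startswith(magic):
            return label
    return None

def sha256_file(path):
    """Hash a file in chunks so large blobs do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()

def blob_manifest(root):
    """Map relative path -> (format, sha256) for every prebuilt binary under root."""
    manifest = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d != ".git"]  # skip VCS metadata
        for name in sorted(filenames):
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            label = classify(path)
            if label:
                manifest[os.path.relpath(path, root)] = (label, sha256_file(path))
    return manifest

def unverified(manifest, reference_hashes):
    """Paths of blobs whose digest is absent from the hashes taken from a trusted origin."""
    return sorted(p for p, (_, digest) in manifest.items() if digest not in reference_hashes)
```

A blob that matches a digest from the distro package is byte-identical to what that distro shipped; anything left in `unverified` still needs its origin explained or a reproducible build.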