438

Ventoy source code contains some unknown BLOBs, still no word on the issue from the dev after months(github.com)

posted
by
Avatar
SatyrSack@lemmy.one
in
Avatar
opensource@lemmy.ml
132 comments
hidereport

I had no idea this issue had been identified. While I find this tool very useful, the project is seeming rather questionable to me now.

Sort:
HotTopControversialNewOld
You are viewing a single thread.
View all comments View context
Avatar
Pup Biru@aussie.zone
21 points

that’s what automation is for - nobody is going to manually check them, but anyone is able to automatically set something up to check their hashes in change… the fact that it’s possible that anyone is doing that now that it’s a known issue perhaps makes it less problematic as an attack vector

permalink
report
parent
reply
Avatar
refalo@programming.dev
2 points

That is true, but also nobody is doing it. Just like nobody is verifying Signal’s “reproducible builds”.

permalink
report
parent
reply
Avatar
Pup Biru@aussie.zone
4 points

are you sure?

there could be thousands just waiting for a failure to come out and say “HEY THIS IS DODGY”

permalink
report
parent
reply
Avatar
refalo@programming.dev
1 point
*

Yea because I tested it myself. Nobody else seems to care, and if they did, I would think there would be a public way to see regular test results regardless.

I know this exists for some projects, but somehow nothing privacy-sensitive

permalink
report
parent
reply

Open Source

!opensource@lemmy.ml

Create post

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

  • Posts must be relevant to the open source ideology
  • No NSFW content
  • No hate speech, bigotry, etc

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

Community stats

  • 5.5K

    Monthly active users

  • 892

    Posts

  • 6.6K

    Comments

Community moderators