436

Ventoy source code contains some unknown BLOBs, still no word on the issue from the dev after months(github.com)

posted
by
Avatar
SatyrSack@lemmy.one
in
Avatar
opensource@lemmy.ml
132 comments
hidereport

I had no idea this issue had been identified. While I find this tool very useful, the project is seeming rather questionable to me now.

Sort:
HotTopControversialNewOld
You are viewing a single thread.
View all comments
Avatar
Todd Bonzalez@lemm.ee
25 points

Anyone who wants to fix this can help fix it, but people are just making demands of an unpaid maintainer. The devs can run this project the way they want to. If you don’t like it, don’t use Ventoy.

The people comparing this to the xz exploit are out of line. xz was a library that was deeply embedded in a lot of software. Ventoy is an IT tool used to boot live OSes. Not even remotely the same attack surface.

Blobs in the source tree are not ideal, but people need to pick their battles.

permalink
report
reply
Avatar
zarkanian@sh.itjust.works
4 points

If you don’t like it, don’t use fork Ventoy.

permalink
report
parent
reply
Avatar
Lemongrab@lemmy.one
49 points

From what others have said: The blobs violate GPL because they are taken from other FOSS project but the changes Ventoy makes are not viewable.

permalink
report
parent
reply

Open Source

!opensource@lemmy.ml

Create post

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

  • Posts must be relevant to the open source ideology
  • No NSFW content
  • No hate speech, bigotry, etc

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

Community stats

  • 5.5K

    Monthly active users

  • 892

    Posts

  • 6.6K

    Comments

Community moderators