I remember a story where people asked about blobs included in Ventoy and there were no comments from the devs, leading to suspicion.
At the time it wasn’t clear to me if there was any substance to the story or if it was the usual Internet exaggeration, so I resolved to ignore it for the time being and saved a reminder to look into it after a while.
Now my reminder fired off and I looked around, but couldn’t find how the story ended… do you know?
I thought one of them did comment about it and it was something like the uefi drivers taken from Fedora or something.
That screenshot is from another site. An account named longpanda has also appeared on lemmy and had their post/replies removed because of impersonation suspicions.
I think it is wise to take extra care on this issue on what you read and trust.
I’m in a similar boat to you; whether the blobs constitute a security threat seems to still be up in the air. I read through the issue thread on github a few months back and it seemed the vast majority of the blobs were built by scripts contained in the repository, but some weren’t documented well, leading to uncertainty.
The comment by Long0x0 on Aug 05 lists a lot of the blob files.
Blobs aren’t really a concern as they reference the sources which produce the same binaries, but there are suspicions of compromise due to the Lemmy comments mentioned in the thread. The official accounts’ comments alleviate some of that, though.
It didn’t end. Fuck Ventoy, I’ll use something else
GLIM is an option that is a little harder to use but has the ability to load up multiple ISO’s, and it is fully open source.
