459

Ventoy source code contains some unknown BLOBs, still no word on the issue from the dev after months(github.com)

posted 2 months ago

by

SatyrSack@lemmy.one

in

opensource@lemmy.ml

138 commentshide report

I had no idea this issue had been identified. While I find this tool very useful, the project is seeming rather questionable to me now.

Sort:

Hot Top Controversial New Old

You are viewing a single thread.

View all comments View context

[ - ]

nialv7@lemmy.world

17 points

2 months ago

While this is true, it only requires the shim and grub to be copied for another distro.

From other comments there are a lot more blobs than just these two.

report

reply

[ - ]

davad@lemmy.world

3 points

2 months ago

It sounds like most, if not all, come from upstream projects.

report

reply

[ - ]

nialv7@lemmy.world

4 points

2 months ago

Would be nice if the dev can respond and confirm that…

report

reply

[ - ]

davad@lemmy.world

3 points

1 month ago

I think they did say that in the older thread. But for proper security, you shouldn’t have to trust them. You should have build tools that will re-fetch everything to create an identical build. That gives a clear chain of custody, which proves that morning has been tampered with.

report

reply

Open Source

!opensource@lemmy.ml

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

Posts must be relevant to the open source ideology
No NSFW content
No hate speech, bigotry, etc

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

Community stats

3.7K
Monthly active users
1.8K
Posts
30K
Comments

Community moderators