Open Source

31133 readers

306 users here now

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

Posts must be relevant to the open source ideology
No NSFW content
No hate speech, bigotry, etc

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

founded 5 years ago

MODERATORS

Cloak@lemmy.ml

kevincox@lemmy.ml

CrypticCoffee@lemmy.ml

Lettuceeatlettuce@lemmy.ml

455

Ventoy source code contains some unknown BLOBs, still no word on the issue from the dev after months (github.com)

submitted 1 month ago by SatyrSack@lemmy.one to c/opensource@lemmy.ml

135 comments fedilink hide all child comments

I had no idea this issue had been identified. While I find this tool very useful, the project is seeming rather questionable to me now.

you are viewing a single comment's thread
view the rest of the comments

[–] unionagainstdhmo@aussie.zone 2 points 1 month ago (13 children)

I haven't read to far into this but the issue is completely devoid of contributors and maintainers. I find the wording of the issue quite concerning:

Due to the recent XZ-Utils drama I checked the code and I'm appalled. There are more BLOBS than source code. https://github.com/ventoy/Ventoy/tree/3f65f0ef03e4aebcd14f233ca808a4f894657802/cryptsetup https://github.com/ventoy/Ventoy/tree/3f65f0ef03e4aebcd14f233ca808a4f894657802/Unix/ventoy_unix https://github.com/ventoy/Ventoy/tree/3f65f0ef03e4aebcd14f233ca808a4f894657802/DMSETUP

There is no reason to have those not be build in the release process. Of course it's convenient, they are prebuild, it's fast and nobody has a problem with it.

Recent events however showed that these BLOBs can contain everything and nothing. The build instructions would not produce the exact same executable for everyone. It's better to have GitHub build it on-push and use them out of the build cache.

I would do it myself, but unfortunately I'm not familiar enough with the Ventoy build process to actually do it. I understand that removing BLOBs isn't a priority over new and shiny features. But due to recent events, this should be rethought.

Thank you for reading this and I hope for a productive conversation

This is free software, they don't owe you anything and this kind of language sounds angry and entitled. You can't just Gordon Ramsay on someone else's codebase.

[–] interdimensionalmeme@lemmy.ml 3 points 1 month ago (1 children)

Actually you can and should Gordon Ramsey all over it. It is the duty of audience members to express how they feel honestly about the artwork.

Open Source can and do understand that and open source software becomes better for it.

[–] unionagainstdhmo@aussie.zone 1 points 1 month ago (1 children)

I’m not saying don’t criticise it. It’s about communication. The language isn’t very good. See my other comments

[–] interdimensionalmeme@lemmy.ml 1 points 1 month ago

Yes, that's users for you. A diverse bunch and many lacking in basic politeness. But you just have to listen to whiney users. You just have to... and figure it out if you want to make world class software.

load more comments (11 replies)