454
submitted 1 month ago by SatyrSack@lemmy.one to c/opensource@lemmy.ml

I had no idea this issue had been identified. While I find this tool very useful, the project is seeming rather questionable to me now.

you are viewing a single comment's thread
view the rest of the comments
[-] todd_bonzalez@lemm.ee 29 points 1 month ago

Anyone who wants to fix this can help fix it, but people are just making demands of an unpaid maintainer. The devs can run this project the way they want to. If you don't like it, don't use Ventoy.

The people comparing this to the xz exploit are out of line. xz was a library that was deeply embedded in a lot of software. Ventoy is an IT tool used to boot live OSes. Not even remotely the same attack surface.

Blobs in the source tree are not ideal, but people need to pick their battles.

[-] zarkanian@sh.itjust.works 3 points 1 month ago

If you don't like it, ~~don't use~~ fork Ventoy.

load more comments (1 replies)
this post was submitted on 17 Sep 2024
454 points (98.9% liked)

Open Source

31133 readers
269 users here now

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

founded 5 years ago
MODERATORS