[issue]: Remove BLOBs from the source tree · Issue #2795 · ventoy/Ventoy
github.com
What happened? Due to the recent XZ-Utils drama I checked the code and I'm appalled. There are more BLOBS than source code. https://github.com/ventoy/Ventoy/tree/3f65f0ef03e4aebcd14f233ca808a4f8946...

I had no idea this issue had been identified. While I find this tool very useful, the project is seeming rather questionable to me now.

  • Pup Biru@aussie.zoneEnglish
    1·
    2 months ago

    that’s what automation is for - nobody is going to manually check them, but anyone is able to automatically set something up to check their hashes in change… the fact that it’s possible that anyone is doing that now that it’s a known issue perhaps makes it less problematic as an attack vector

    • refalo@programming.dev
      1·
      2 months ago

      That is true, but also nobody is doing it. Just like nobody is verifying Signal’s “reproducible builds”.