Ventoy source code contains some unknown BLOBs, still no word on the issue from the dev after months

SatyrSack@lemmy.one · 5 months ago

Ventoy source code contains some unknown BLOBs, still no word on the issue from the dev after months

stickmanmeyhem@lemmy.world · 5 months ago

If the hashes match the files from the Fedora or OpenSUSE releases, then does this really matter?

Quail4789@lemmy.ml · edit-2 4 months ago

deleted by creator

Pup Biru@aussie.zone · 5 months ago

that’s what automation is for - nobody is going to manually check them, but anyone is able to automatically set something up to check their hashes in change… the fact that it’s possible that anyone is doing that now that it’s a known issue perhaps makes it less problematic as an attack vector

refalo@programming.dev · 5 months ago

That is true, but also nobody is doing it. Just like nobody is verifying Signal’s “reproducible builds”.

Pup Biru@aussie.zone · 5 months ago

are you sure?

there could be thousands just waiting for a failure to come out and say “HEY THIS IS DODGY”

Ventoy source code contains some unknown BLOBs, still no word on the issue from the dev after months

Ventoy source code contains some unknown BLOBs, still no word on the issue from the dev after months

[issue]: Remove BLOBs from the source tree · Issue #2795 · ventoy/Ventoy