I was genuinely excited when I first learnt about the Ventoy from a YouTube, then I came to these:
Ventoy source code contains some unknown BLOBs, still no word on the issue from the dev after months https://programming.dev/post/19516543
Ventoy Update https://programming.dev/post/20508826
https://github.com/ventoy/Ventoy/issues/2795
https://www.reddit.com/r/Ventoy/comments/1flw461/today_i_discovered_ventoy/
so maybe I’ll hold off with Ventoy for now?
You must log in or register to comment.
The “Ventoy Update” post looks rather suspicious to me. The dev didn’t respond to the GitHub issue, so this might just be some jackass pretending to be the dev.
But independently of that, the BLOBs are even more suspicious…
i’d brush the blobs off as secure boot stuff if the dev didn’t ignore the issue for months. Now that’s sus.
I understand how this could be a prime target of a supply chain attack and that things are a bit fishy. On the other hand people are waaaay less picky about installing other binary blobs on their machines. I wish paranoia would be more general :)
Funny, I’m flashing a new PC as we speak and using dd instead of ventoy for this very reason. I’ve also used Balena Etcher in the past.
good 'ol dd, that’s a good way to do it
Yeah, well… turns out the USB wasn’t bootable (grub said it couldn’t load the kernel) so I redid it with Balena and it worked fine.
I noticed yesterday that openSUSE specifically recommends not using Ventoy, due to possible boot issues: https://en.opensuse.org/Create_installation_USB_stick#Ventoy
Just use cp instead. No reason to use dd.
note that the blobs aren’t unknown, they’re builds of submodules that the developer hopefully hasn’t added malware to
I stopped using Ventoy. I don’t trust the OSs installed by means of it, sadly. Also, lost any hope of a clarification on the issue. Yes, you should not use it for the time being.
I wouldn’t trust it in its current state. Maybe things will get cleared up in time, maybe not.
With that said, how necessary is Ventoy, really? How much time & effort is it really saving you?
Not strictly necessary, but being able to carry all my ISOs on a single USB key saves me from having to redo the whole USB Stick Writer thingy every time. Is there another tool out there that does this and makes it easy for the plebs like myself?
I mean, being able to carry a little thing with multiple OSs AND STILL being able to use it as portable storage for other stuff is really useful.
I mean it’s just kinda gimmicky so with this added issue I just can’t support it.
