this post was submitted on 17 Sep 2024
450 points (98.9% liked)

Open Source

31021 readers
465 users here now

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

founded 5 years ago
MODERATORS
Cloak@lemmy.ml
kevincox@lemmy.ml
CrypticCoffee@lemmy.ml
Lettuceeatlettuce@lemmy.ml
450
Ventoy source code contains some unknown BLOBs, still no word on the issue from the dev after months (github.com)
submitted 1 month ago by SatyrSack@lemmy.one to c/opensource@lemmy.ml
128 comments fedilink hide all child comments
 

I had no idea this issue had been identified. While I find this tool very useful, the project is seeming rather questionable to me now.

you are viewing a single comment's thread
view the rest of the comments
[–] PowerCrazy@lemmy.ml 58 points 1 month ago (3 children)

Hey guys open source is great you can look at all the code and therefore there are no security backdoors etc. Also here are a bunch of pre-compiled blobs in the repo, don't worry about those, but they are required to run the program.

[–] spankmonkey@lemmy.world 89 points 1 month ago

The fact that people know there are pre-compiled blobs in open source means they have an informed reason to avoid the software!

[–] delirious_owl@discuss.online 19 points 1 month ago (1 children)

Right, the fact that it's open is the reason this came to light, and we're having this discussion

[–] ulkesh@beehaw.org 3 points 1 month ago (2 children)

Exactly. Acting like this is an “ah-ha, see?!!” moment when this is exactly what open source is designed for. That’s like saying global warming is a hoax because “oh look it’s snowing”.

[–] delirious_owl@discuss.online 1 points 1 month ago (1 children)

Well, it is an "ah-ha, see!" moment, because it shows the benefit of open source.

Its more like pointing at the absence of a glacier on a mountaintop and saying "yep, see, climate change does exist"

[–] ulkesh@beehaw.org 1 points 1 month ago

I was referring to the commenter and how it read to me :) But agreed, what you said, too.

[–] PowerCrazy@lemmy.ml 1 points 1 month ago (1 children)

This isn't a knock against opensource programming, but there shouldn't ever be precompiled blobs in the repo unless they are the official builds for the various OS's and if you want to build from source, the pre-compiled blobs shouldn't be part of that, otherwise you can't really claim you are opensource.

[–] ulkesh@beehaw.org 1 points 1 month ago (1 children)

Yes, and that’s what is being called out here. But your original comment makes it sound like you are advocating for closed source software and that somehow open source software is bad.

This is the system working as intended. When potential issues arise, it’s openly discussed and ideally resolved. And if not, trust is lost and people will stop using it.

[–] PowerCrazy@lemmy.ml 1 points 1 month ago* (last edited 1 month ago)

I don't know about the history of the project, but it sounds like those blobs have been there for quite some time. When in reality, the PR that added the blobs in the first place shouldn't ever have been approved.

Actually just checked 3+ years.