(github.com)

285 points wilsonfiifi | 1 comments | 30 Oct 25 14:23 UTC | HN request time: 0.209s | source

Show context

mkesper ◴[30 Oct 25 15:04 UTC] No.45760844[source]▶

>>45760340 (OP) #

The lot of (partially scary) binary blobs is still an unsolved issue: https://github.com/ventoy/Ventoy/issues/3224

replies(5): >>45760882 #>>45760933 #>>45761425 #>>45761632 #>>45761980 #

i4qpLmoptUph3fZ[dead post] ◴[30 Oct 25 15:52 UTC] No.45761425[source]▶

>>45760844 #

[flagged]

junon ◴[30 Oct 25 16:02 UTC] No.45761520[source]▶

>>45761425 #

The rationale for needing a random driver makes some sense. The statement that they found a random build that was signed by some randy is a horrifying prospect.

replies(1): >>45762457 #

fukka42 ◴[30 Oct 25 17:17 UTC] No.45762457[source]▶

>>45761520 #

Someone compared hashes of the sectors of both drivers and they are identical except for the signature.

You don't know what due diligence was done.

replies(1): >>45762732 #

junon ◴[30 Oct 25 17:36 UTC] No.45762732[source]▶

>>45762457 #

I don't, no, but why should I trust the maintainer, and why should the maintainer trust Randy from some random site?

replies(2): >>45763211 #>>45763326 #

1. i4qpLmoptUph3fZ ◴[30 Oct 25 18:23 UTC] No.45763326[source]▶

>>45762732 #

To sibling comment: I don't understand your line of reasoning. How does using someone's software make you trust them? Don't you need trust to run someone's software first?

↑

Ventoy: Create bootable USB drive for ISO/WIM/IMG/VHD(x)/EFI Files