[issue]: Remove BLOBs from the source tree · Issue #2795 · ventoy/Ventoy
github.com
What happened? Due to the recent XZ-Utils drama I checked the code and I'm appalled. There are more BLOBS than source code. https://github.com/ventoy/Ventoy/tree/3f65f0ef03e4aebcd14f233ca808a4f8946...

Dear community,

I hope this message finds you well. I want to take a moment to address the concerns raised in Issue #2795 regarding the BLOB functionality in our app. First and foremost, I sincerely apologize for any confusion or frustration this may have caused. I was on vacation during this time, and I understand that my absence may have contributed to the lack of clarity surrounding this issue.

The BLOB feature is an important aspect of our app, and I recognize that the documentation surrounding it has not been as clear as it should be. I appreciate your patience as we work through these challenges, and I want to assure you that I am fully committed to resolving this matter.

As I return to work, I will prioritize updating the documentation to provide a comprehensive understanding of how the BLOB functionality works. I will also investigate the specific concerns raised in Issue #2795 to ensure that any underlying issues are addressed promptly.

Your trust in our software is paramount, and I am dedicated to regaining any confidence that may have been affected by this situation. I am confident that, with your continued support and feedback, we can enhance the app and provide a better experience for all users.

Thank you for your understanding and for being a part of our community. I look forward to sharing updates with you soon as we work towards improving our app and its documentation.

Warm regards, longpanda

  • deadcade@lemmy.deadca.de
    0·
    20 hours ago

    According to Jim Starkey, the person who coined the term, “Blob don’t stand for nothin’.” However, it is often referred to as a “Binary Large OBject”, meaning a large file with content not easily readable by people.

    With an open source project, you have source code which is turned into executables/“blobs” by the compiler. As long as you trust the compiler, you can (functionally) know the content of the blobs by looking at the source code they were made from.

    In the case of Ventoy, several “blobs” are included from an unknown or vague origin. This is a great way to bundle malware, as seen with the XZ backdoor from earlier this year. As such, the original creator of the linked issue is requesting they are built/obtained at compile time, so either the content or origin of these files can easily be found.