Took them over a year to say anything?
I have since just gone back to burning single drives and honestly it’s fine. Ventoy was convenient but taking a year to respond to a genuine concern is crazy.
I’m going to guess you’ve never been part of a project with complexity and sheer black magic fuckery comparable to Ventoy. The developer (a singular person) had to make a choice between:
Pandering to a small group of vocal open-source extremists, dedicating a large part of their time to changing the incredibly complex build process to also build the binaries of other open-source projects, potentially at the cost of stability, eventually arriving at a product with the same feature set, pleasing some open-source extremists, but still receiving criticism for “taking a year to respond to a genuine concern”; or
Not doing that and focusing their effort on stability and compatibility fixes to arrive at an improved product.
I’ve read the original issue thread front to back, and it’s a fucking clown show. I can’t blame the developer for not wanting to engage with those people. Nobody is entitled to the developer’s time or attention. Right now the issue is being worked on, which is more than most of the whiners can say about themselves; if you think that’s still insufficient, do better.
I don’t think a simple statement of “I see your concern, I’ll address it when I have time” is really that hard for one person to issue when the alternative is, as you’ve said, letting “a fucking clown show” fester on. It would’ve made my worries go away if the developer had said literally anything instead of radio silence for a year. Sure, no one is entitled to a developers time or attention. That developer is also not entitled to my trust or recommendation to others when a serious issue was swept under the rug for over a year. There’s no doing better when it comes to a matter of personal opinion on how a situation was handled.
There is also a new community fork to get rid of the blobs and bad cert loading. The ventroy dev has made a bunch of concerning choices so some people hard forked the code. I forgot where is was though.
Happened after a partner product in the Ventoy repo was found to have a pretty major vulnerability due to a… you guessed it, pre-compiled supply chain attack.
From the Ventoy developers: the blobs are getting unblobbed.
Took them over a year to say anything? I have since just gone back to burning single drives and honestly it’s fine. Ventoy was convenient but taking a year to respond to a genuine concern is crazy.
I’m going to guess you’ve never been part of a project with complexity and sheer black magic fuckery comparable to Ventoy. The developer (a singular person) had to make a choice between:
I’ve read the original issue thread front to back, and it’s a fucking clown show. I can’t blame the developer for not wanting to engage with those people. Nobody is entitled to the developer’s time or attention. Right now the issue is being worked on, which is more than most of the whiners can say about themselves; if you think that’s still insufficient, do better.
Mr Ventoy has too many problems
I don’t think a simple statement of “I see your concern, I’ll address it when I have time” is really that hard for one person to issue when the alternative is, as you’ve said, letting “a fucking clown show” fester on. It would’ve made my worries go away if the developer had said literally anything instead of radio silence for a year. Sure, no one is entitled to a developers time or attention. That developer is also not entitled to my trust or recommendation to others when a serious issue was swept under the rug for over a year. There’s no doing better when it comes to a matter of personal opinion on how a situation was handled.
There is also a new community fork to get rid of the blobs and bad cert loading. The ventroy dev has made a bunch of concerning choices so some people hard forked the code. I forgot where is was though.
Is this the one you’re talking about? https://github.com/fnr1r/ventoy-cpio
That’s the one
oh wow that really put the trust back into Ventoy. Nice! Thanks for the link
Happened after a partner product in the Ventoy repo was found to have a pretty major vulnerability due to a… you guessed it, pre-compiled supply chain attack.