I was genuinely excited when I first learnt about the Ventoy from a YouTube, then I came to these:
Ventoy source code contains some unknown BLOBs, still no word on the issue from the dev after months https://programming.dev/post/19516543
Ventoy Update https://programming.dev/post/20508826
https://github.com/ventoy/Ventoy/issues/2795
https://www.reddit.com/r/Ventoy/comments/1flw461/today_i_discovered_ventoy/
so maybe I’ll hold off with Ventoy for now?
The “Ventoy Update” post looks rather suspicious to me. The dev didn’t respond to the GitHub issue, so this might just be some jackass pretending to be the dev.
But independently of that, the BLOBs are even more suspicious…
i’d brush the blobs off as secure boot stuff if the dev didn’t ignore the issue for months. Now that’s sus.
I wouldn’t trust it in its current state. Maybe things will get cleared up in time, maybe not.
With that said, how necessary is Ventoy, really? How much time & effort is it really saving you?
Not strictly necessary, but being able to carry all my ISOs on a single USB key saves me from having to redo the whole USB Stick Writer thingy every time. Is there another tool out there that does this and makes it easy for the plebs like myself?
I understand how this could be a prime target of a supply chain attack and that things are a bit fishy. On the other hand people are waaaay less picky about installing other binary blobs on their machines. I wish paranoia would be more general :)
I stopped using Ventoy. I don’t trust the OSs installed by means of it, sadly. Also, lost any hope of a clarification on the issue. Yes, you should not use it for the time being.
I’ve never felt the need for it and didn’t know what it was til just now. dd’ing image files to USB drives has worked fine for me.