434
submitted 2 days ago by SatyrSack@lemmy.one to c/opensource@lemmy.ml

I had no idea this issue had been identified. While I find this tool very useful, the project is seeming rather questionable to me now.

[-] delirious_owl@discuss.online 21 points 1 day ago

Aaaand that's why all commits should be signed with your PGP key

[-] kautau@lemmy.world 6 points 1 day ago

It sounds like they weren’t using any form of version control, so that’s definitely on them at this point

[-] Alexstarfire@lemmy.world 13 points 1 day ago

What makes you say that? To me, it sounds like that's what they do have 'cause they tracked the change back to him. The commit message obviously said nothing about the file.

[-] kautau@lemmy.world 3 points 1 day ago

Ah I could see that. I took it as them not knowing where the file came from at all, so they’re just asking all the devs who would have had access at that point, which is why it was “hey do you know anything about this file?” and not “is there a specific reason you committed this file to the build?”

[-] Alexstarfire@lemmy.world 4 points 1 day ago

You think they'd call up devs who left them just to ask if they happen to know about a random file?

[-] kautau@lemmy.world 1 points 2 hours ago

> You think they’d call up devs who left them just to ask if they happen to know about a random file?

I mean, that’s what OP said happened. Literally with the verbiage of “file we found” and not “file you committed”

[-] Alexstarfire@lemmy.world 1 points 1 hour ago* (last edited 1 hour ago)

I did mean random devs, not the dev they tracked down that made the change.

[-] kautau@lemmy.world 1 points 1 hour ago* (last edited 1 hour ago)

Right, I based it on an estimate on the size of the company and how many devs they’ve had. But if a 7MB file doubled their build size and nobody noticed for 5 years, it likely wasn’t code reviewed or committed and rather just added somewhere. It’d be my guess that it’s a pretty small team, and if they’re willing to call anyone at this point anyway as they only have a few devs, and not just remove the file, they’re probably unsure on if it serves any sort of point, which usually would be clear in a commit or PR

this post was submitted on 17 Sep 2024
434 points (99.1% liked)
