I had no idea this issue had been identified. While I find this tool very useful, the project is seeming rather questionable to me now.

  • ⸻ Ban DHMO 🇦🇺 ⸻@aussie.zone
    link
    fedilink
    English
    arrow-up
    15
    arrow-down
    13
    ·
    2 months ago

    I haven’t read to far into this but the issue is completely devoid of contributors and maintainers. I find the wording of the issue quite concerning:

    Due to the recent XZ-Utils drama I checked the code and I’m appalled. There are more BLOBS than source code. https://github.com/ventoy/Ventoy/tree/3f65f0ef03e4aebcd14f233ca808a4f894657802/cryptsetup https://github.com/ventoy/Ventoy/tree/3f65f0ef03e4aebcd14f233ca808a4f894657802/Unix/ventoy_unix https://github.com/ventoy/Ventoy/tree/3f65f0ef03e4aebcd14f233ca808a4f894657802/DMSETUP

    There is no reason to have those not be build in the release process. Of course it’s convenient, they are prebuild, it’s fast and nobody has a problem with it.

    Recent events however showed that these BLOBs can contain everything and nothing. The build instructions would not produce the exact same executable for everyone. It’s better to have GitHub build it on-push and use them out of the build cache.

    I would do it myself, but unfortunately I’m not familiar enough with the Ventoy build process to actually do it. I understand that removing BLOBs isn’t a priority over new and shiny features. But due to recent events, this should be rethought.

    Thank you for reading this and I hope for a productive conversation

    This is free software, they don’t owe you anything and this kind of language sounds angry and entitled. You can’t just Gordon Ramsay on someone else’s codebase.

    • bleistift2@sopuli.xyz
      link
      fedilink
      English
      arrow-up
      10
      ·
      2 months ago

      I cannot fathom what in this issue description gives rise to your concern. It’s worded very calmly, clearly explaining why the author thinks these BLOBs shouldn’t be there, expressing an understanding that it’s not a top priority and even closing with a thank you.

      • ⸻ Ban DHMO 🇦🇺 ⸻@aussie.zone
        link
        fedilink
        English
        arrow-up
        1
        arrow-down
        2
        ·
        edit-2
        2 months ago

        Is this not rude:

        I checked the code and I’m appalled. There are more BLOBs than source code

        And this:

        I understand that removing BLOBs isn’t a priority over new and shiny features. But due to recent events, this should be rethought.

        We didn’t like it when MS made an issue trying to direct ffmpeg

        They should have opened with a complement or asked for directions if they didn’t know. In this message “Thank You” means fuck all

        • bleistift2@sopuli.xyz
          link
          fedilink
          English
          arrow-up
          1
          ·
          2 months ago

          Is this not rude:

          I checked the code and I’m appalled. There are more BLOBs than source code

          No. The commenter is voicing their own feelings and explains why they have them. There is neither blaming nor rudeness here.

          And this:

          I understand that removing BLOBs isn’t a priority over new and shiny features. But due to recent events, this should be rethought.

          It would have been nice if you had explained why you think this is rude. The author expresses understanding that the maintainers’ priorities don’t align with the author’s. This seems to be an uncontroversial statement to me.

          Then the author explains (I agree, it’s more a hint than an explanation) why they think the priorities should be changed. In my view their argument is sound. Again, there is no blaming or rudeness here.

          They should have opened with a complement

          I assume you mean “compliment”.

          I’ve often heard of the “sandwich technique” – start with a compliment, then voice criticism, end with another positive thing. I find this is an appropriate procedure when voicing open feedback, that is, good things and bad things. However, this is a Github issue. Its whole point is to point out a perceived problem, not to give the maintainers a pat on the back or thank them.

          • ⸻ Ban DHMO 🇦🇺 ⸻@aussie.zone
            link
            fedilink
            English
            arrow-up
            1
            arrow-down
            2
            ·
            2 months ago

            I don’t understand how “appalled” being strong language is so controversial, maybe everyone here is just a rude little shit.

            I would have worded it like so:

            Hi, I’m concerned about the BLOBs used in this repo as they are a security risk, making the code less auditable. It looks like we could generate these BLOBs in a github action or something so we can keep the fast build process while making it easier to audit the code. I’m not exactly sure how to go about this myself but I’ve done similar things in other projects, maybe you could point me in the right direction as I am unfamiliar with the ventoy build process? Thanks for the really cool project, and hopefully we can sort this out easily. Looking forward to your response.

            I did it with less anger and entitlement and in less words

    • lorty@lemmy.ml
      link
      fedilink
      arrow-up
      3
      ·
      2 months ago

      I mean the author has simply ignored this issue. If you look into it there are a few that people simply do not know how to generate, so without the maintainer it’s impossible to make a PR solving this.

      • ⸻ Ban DHMO 🇦🇺 ⸻@aussie.zone
        link
        fedilink
        English
        arrow-up
        2
        arrow-down
        7
        ·
        2 months ago

        I mean if I got an issue that sounded that entitled and this is something I do in my spare time, I’d probably ignore it.

        My point is they could have worded it better and it might have gotten a response. If you ask kindly about the BLOBs and maybe for some help to push you in the right direction instead of saying “I don’t know”, then it is fair to call the maintainer rude for ignoring it completely.

    • interdimensionalmeme@lemmy.ml
      link
      fedilink
      arrow-up
      3
      ·
      2 months ago

      Actually you can and should Gordon Ramsey all over it. It is the duty of audience members to express how they feel honestly about the artwork.

      Open Source can and do understand that and open source software becomes better for it.

        • interdimensionalmeme@lemmy.ml
          link
          fedilink
          arrow-up
          1
          ·
          2 months ago

          Yes, that’s users for you. A diverse bunch and many lacking in basic politeness. But you just have to listen to whiney users. You just have to… and figure it out if you want to make world class software.