Ventoy is a tool to make a USB with multiple ISOs bootable, letting you select which ISO to use on boot. Another newly-created account claims to be the dev’s friend and translator and has received no contact from the maintainer.

  • Aatube@kbin.melroy.orgOP
    link
    fedilink
    arrow-up
    27
    ·
    1 month ago
    1. Around April, there was this big thing where a maintainer for XZ Compression included an SSH backdoor in binaries that were only built on release. If a freaking piece of compression software can backdoor SSH, who knows what else is possible.
    2. The response to the blob concern is nonsensical, made without their previously-known accounts, and coincides with someone’s claim that they are a close friend and was on vacation to China, the country where the XZ maintainer was from.
    • just_another_person@lemmy.world
      link
      fedilink
      arrow-up
      19
      arrow-down
      2
      ·
      1 month ago

      The xz issue is something totally different though. That was a software library running and executing against flat files. I’m just not sure there’s a way to alter an ISO image before boot, undetected in the case of Ventoy.

      If the goal is to alter files to provide access to something, this must be some sort of ingenious way that bypasses checksums, and targets something universal, which doesn’t seem quite possible in the case of a substitute bootloader.

      • Aatube@kbin.melroy.orgOP
        link
        fedilink
        arrow-up
        5
        ·
        1 month ago

        Yeah, it would be really big. I wouldn’t have posted about this if it weren’t for the radio silence and blabbering statement.