Ventoy source code contains some unknown BLOBs, still no word on the issue from the dev after months

SatyrSack@lemmy.one to Open Source@lemmy.ml – 454 points – [issue]: Remove BLOBs from the source tree · Issue #2795 · ventoy/Ventoy
github.com

I had no idea this issue had been identified. While I find this tool very useful, the project is seeming rather questionable to me now.

132

You are viewing a single comment
View all commentsShow the parent comment

Aaaand thats why all commits should be signed with your pgp key

It sounds like they weren’t using any form of version control, so that’s definitely on them at this point

What makes you say that? To me, it sounds like that's what they do have cause they tracked the change back to him. The commit message obviously said nothing about the file.

Ah I could see that. I took it as them not knowing where the file came from at all, so they’re just asking all the devs who would have had access at that point, which is why it was “hey do you know anything about this file?” and not “is there a specific reason you committed this file to the build?”

You think they'd call up devs who left them just to ask if they happen to know about a random file?

You think they’d call up devs who left them just to ask if they happen to know about a random file?

I mean, that’s what op said happened. Literally with the verbiage of “file we found” and not “file you committed”

I did mean random devs, not the dev they tracked down that made the change.

Right, I based it on an estimate on the size of the company and how many devs they’ve had. But if a 7MB file doubled their build size and nobody noticed for 5 years, it likely wasn’t code reviewed or committed and rather just added somewhere, It’d be my guess that it’s a pretty small team, and if they’re willing to call anyone at this point anyway as they only have a few devs, and not just remove the file, they’re probably unsure on if it serves any sort of point, which usually would be clear in a commit or PR