Why is Deepin the only distro worthy of a "Friendly Link" on the Ventoy home page? Are they a sponsor of the project? Code contributor? Preferred demo platform? <a href="https://web.archive.org/web/20240614040917/https://ventoy.net/en/index.html" rel="nofollow">https://web.archive.org/web/20240614040917/https://ventoy.ne...</a><p>Ventoy developer longpanda offers tools for injection into Linux and Windows ISOs, which work with the Ventoy injection plugin, <a href="https://news.ycombinator.com/item?id=38691857">https://news.ycombinator.com/item?id=38691857</a><p><i>> Deepin is a distribution developed in Wuhan, China by Deepin Technology. Its homepage proclaims it "the top Linux distribution from China" ... The extensive EULA is uncommon for the Linux space, and the privacy policy goes into some detail about the types of information they collect – not just browser history, but information on when you use your computer and the applications installed on your system.</i>
From the very beginning I've been reluctant to use Ventoy. In the beginning there were no instructions on how to build from source. Then after that there were binary blobs that were used in the build.<p>So far I've never used Ventoy due to these issues. The concept sounds great though.
The demand for a Ventoy-like tool is clearly there, but I hope that one day we'll have an alternative that we can actually trust. Until then it seems that having a small collection of USB sticks is still the way to go, the inconvenience is preferable to the whole installation getting compromised.
Aside from the security issues, this project is pretty clearly violating the GPL by distributing binary versions of other people's code without including either the source code or the original copyright notices.
What alternatives are there?<p>No where near the ergonomics as far as I can tell, but with containers, there's been an effort to make bootable containers. I seem to remember there being some other options (I wanna say like Wyvern or something like that was one but not finding it), but the big obvious effort is bootc. <a href="https://containers.github.io/bootable/projects.html" rel="nofollow">https://containers.github.io/bootable/projects.html</a> . 38d old thread: <a href="https://news.ycombinator.com/item?id=40289120">https://news.ycombinator.com/item?id=40289120</a>
I remember that when I first encountered Ventoy a while back, it appeared to be just a bootable ISO pre-configured with Syslinux. I didn't use it much, since I already had my own Syslinux config with a variety of bootable environments that I found useful already set up.<p>Has it involved into something more complex? It seems odd to complain about binary blobs in something that is meant to be a tool for aggregating pre-existing binary boot media into a single image.
Are there any real concerns about Ventoy and security? So ig I use it to boot installer, the installed OS can be backdoored? Or is it just some „possibility”, but rather unreal?
To be fair, the OP was some how just pointing fingers. I took a quick look at the issue, 2 of 3 links mentioned are actually with detailed build instructions. It's only ventoy_unix doesn't. Giving that it's just someone's hobby project, I don't see that as a particular issue. A PR to fix those would be much better than the post.
ventoy is pretty useful even if it is potentially risky. they found a way around the secure boot problems (<a href="https://ventoy.net/en/doc_secure.html" rel="nofollow">https://ventoy.net/en/doc_secure.html</a>) and i will be the first to admit that i enrolled their keys on the devices i use.<p>i am still waiting for an ergonomic way to have a persistent usb install of a linux distro, which does not kill the flash storage over time. till then, i got similar levels of trust of the tool as i do with using windows.