In #2795 there are some discuss about the BLOBs in Ventoy. For a long time, I devoted my limited spare time to adding new features and fixing bugs and didn't get around to considering this. It shou...
The fact remains though: why did they literally go radio silence on this issue for over a year? Like, a simple, “I would like to notify everyone that I’m working on this.” would have been sufficient. Was that too much to ask?
Those being 1.0.98, 1.0.99, 1.1.00, 1.1.01, 1.1.02, 1.1.03, 1.1.04 and 1.1.05. The most recent of these was released at the 24th of February of this year. ↩︎
I mean the specific issue about the binary blobs. Something that might set off alarm bells for you or a security-focused group may not do so for some dude working on a passion project in his free time.
The example sentence could also be something like “I would like to notify everyone that I’m aware of this issue and I intend to start tackling it from <insert date> onwards. Allow me to explain the status quo for … (etc. etc.).”. Or whatever sentence you like. The point is not what the exact message is, but an alternative to the absolute radio silence we’ve met.
As for them working on it or not. Clearly, they haven’t worked on it until now. But I don’t understand what was so crucial in the last 8 releases that they couldn’t address this issue instead. Especially, in the aftermath of the XZ utils backdoor. But that’s not the issue I was trying to address with my previous comment. The issue is radio silence. It doesn’t have to set off alarm bells for themselves in order to acknowledge (timely) the concern a chunk of its user base experiences.
Life situations can get unpredictable sometimes. It happens to me as well from time to time.
I do think that it might be time to hand the project over to the community. But on the other hand, perhaps they have too much sense of ownership, which I do understand somewhat.
The fact remains though: why did they literally go radio silence on this issue for over a year? Like, a simple, “I would like to notify everyone that I’m working on this.” would have been sufficient. Was that too much to ask?
Maybe they weren’t working on it.
If with “it” you refer to Ventoy, then I’d like to inform you that they’ve been doing a good job at maintaining it. They’ve even had multiple releases[1] since the (original) issue was opened.
Those being 1.0.98, 1.0.99, 1.1.00, 1.1.01, 1.1.02, 1.1.03, 1.1.04 and 1.1.05. The most recent of these was released at the 24th of February of this year. ↩︎
I mean the specific issue about the binary blobs. Something that might set off alarm bells for you or a security-focused group may not do so for some dude working on a passion project in his free time.
Thanks for clarifying.
The example sentence could also be something like “I would like to notify everyone that I’m aware of this issue and I intend to start tackling it from <insert date> onwards. Allow me to explain the status quo for … (etc. etc.).”. Or whatever sentence you like. The point is not what the exact message is, but an alternative to the absolute radio silence we’ve met.
As for them working on it or not. Clearly, they haven’t worked on it until now. But I don’t understand what was so crucial in the last 8 releases that they couldn’t address this issue instead. Especially, in the aftermath of the XZ utils backdoor. But that’s not the issue I was trying to address with my previous comment. The issue is radio silence. It doesn’t have to set off alarm bells for themselves in order to acknowledge (timely) the concern a chunk of its user base experiences.
It’s pretty obvious that by “it” they meant the issue.
Life situations can get unpredictable sometimes. It happens to me as well from time to time.
I do think that it might be time to hand the project over to the community. But on the other hand, perhaps they have too much sense of ownership, which I do understand somewhat.