- 1 Post
- 3 Comments
Joined 1 month ago
Cake day: September 18th, 2025
You are not logged in. If you use a Fediverse account that is able to follow users, you can follow this user.
31·20 days agoSmaller content creators with fewer views are generally more genuine.
If I see someone with several thousand views, I’m instantly skeptical. If their channel is part of their work, I pay attention too. I’m fine with AI assisted content as long as there’s an actual human behind the keyboard who truly took time to think and used their brain.
Most AI video tools aren’t perfect, so you can only spot the most obvious fakes. If someone takes time to edit a fake video, it becomes very hard to detect. The best way to judge is to check the source, the motive, and whether you trust the person who shared it.
You’re right to bring that up. There was and still is some concern about Ventoy using a lot of precompiled binary files (called “blobs”) in its source code, rather than building everything from source during release. This makes it harder to verify that the binaries are safe and haven’t been tampered with, especially after incidents like the XZ Utils backdoor in 2024.
The developer acknowledges this and has started listing all the blobs with their sources and checksums here:
https://github.com/ventoy/Ventoy/blob/master/BLOB_List.md
This file was created in response to issue #3224, which was opened specifically to address concerns about these blobs. It includes descriptions, where each blob came from, and SHA256 hashes so users can check them manually. However, it doesn’t include automated build scripts, so verification still depends on manual effort.
The discussion started in early 2024 in issue #2795:
https://github.com/ventoy/Ventoy/issues/2795
And as of May 2025, the maintainer proposed a plan to improve transparency by using GitHub CI to build the blobs from source in separate repositories:
https://github.com/ventoy/Ventoy/issues/3224
No major malicious activity has been found, but the lack of full reproducible builds means some trust is required. If you’re security-conscious, it’s worth verifying the hashes yourself or considering alternatives. The project remains open source and widely used, but this issue hasn’t been fully resolved yet.