> Deepin is a distribution developed in Wuhan, China by Deepin Technology. Its homepage proclaims it "the top Linux distribution from China" ... The extensive EULA is uncommon for the Linux space, and the privacy policy goes into some detail about the types of information they collect – not just browser history, but information on when you use your computer and the applications installed on your system.
What underlying result are you hoping the long term fixation on asking this question going to resolve? The developer is Chinese and probably doesn't care what someone else's preferred distro is or maybe they are associated with it - what difference does it make to why it's on the site and why not just ask them directly about it instead?
If you mean to just highlight the association with Deepin it doesn't need to be guised as a question.
If you look at https://github.com/ventoy then longpanda is ventoy and they're very likely from China:
> It would be much appreciated if you want to make a small donation to support my work!
> Alipay, WeChat Pay, PayPal and Bitcoin are available for donation. You can choose any of them.
From the very beginning I've been reluctant to use Ventoy. In the beginning there were no instructions on how to build from source. Then after that there were binary blobs that were used in the build.
So far I've never used Ventoy due to these issues. The concept sounds great though.
The attitude in the comments regarding the "look you can see how it's built" is concerning.
A simple virus could easily backdoor every binary on the system which built the file, rince and repeat.
Before anyone says that Linux virus do not exist, I have written a handful, as I'm sure many others have. Do not assume lack of observation to be confirmation of your view.
Yeah that part has always been weird. I will say that it works wonderfully, especially if you need to install windows from a usb but only have computers running Linux/Mac available
The demand for a Ventoy-like tool is clearly there, but I hope that one day we'll have an alternative that we can actually trust. Until then it seems that having a small collection of USB sticks is still the way to go, the inconvenience is preferable to the whole installation getting compromised.
I use and recommend ventoy for convenience. It is so convenient. That is, good for nerds to play with hardware and test distros. Not for end users.
For security, I always recommend Burning an ISO into a physical optical disc. Check the ISO MD5 before burning. No thumbdrives.
Then pray god your Government only aproves sales of backdoored hardware where you live. I recommend at least disabling (pulling out) the build-in Network cards (yes, wifi/bt too) and buying usb replacements.
Aside from the security issues, this project is pretty clearly violating the GPL by distributing binary versions of other people's code without including either the source code or the original copyright notices.
GPL does not mandate inclusion nor public availability of source code. The code must provided to users upon request. Most providers of binaries make the source public so they don't have to handle each request manually.
No where near the ergonomics as far as I can tell, but with containers, there's been an effort to make bootable containers. I seem to remember there being some other options (I wanna say like Wyvern or something like that was one but not finding it), but the big obvious effort is bootc. https://containers.github.io/bootable/projects.html . 38d old thread: https://news.ycombinator.com/item?id=40289120
I love using my IODD in "dual-mode" with Clonezilla. It exposes a USB-DVD drive with an emulated Clonezilla DVD in it as well as its' HDD storage so I can dump an image right to the hard drive.
(Bonus points: I can then have Clonezilla bundle me a clonezilla-iso package of my captured image, and save it back into the ISO folder to boot from later!)
I almost want one of these, except I have no use for it nowadays. Ventoy didn't even work the one time I tried it, probably because it couldn't hook nixos's initrd properly.
But also, I'm insanely frustrated that (1) Google doesn't allow USB Gadget mode to do this from stock Android (2) the app that appeared to work for LineageOS/rooted devices is abandonware.
There's no good reason why your phone can't serve up ISOs with gadget mode.
I already travel with my ancient Pixel 3a as a backup (which has come in handy, clumsy me). It would be slick to have that as a portable ISO host, and backup phone. (Ignore the USB2 USB-C port, it's fine.)
You can create your own multi-boot media fairly easily with Syslinux. My understanding of Ventoy was that it was just a set of config scripts for Syslinux in the first place.
I remember that when I first encountered Ventoy a while back, it appeared to be just a bootable ISO pre-configured with Syslinux. I didn't use it much, since I already had my own Syslinux config with a variety of bootable environments that I found useful already set up.
Has it involved into something more complex? It seems odd to complain about binary blobs in something that is meant to be a tool for aggregating pre-existing binary boot media into a single image.
It's not odd because you may trust the boot media and not the actual tool. There should be a way to just dump ISO files directly onto a disk and be presented with a menu very simply to boot one of them. It would require the least amount of trust.
Are there any real concerns about Ventoy and security? So ig I use it to boot installer, the installed OS can be backdoored? Or is it just some „possibility”, but rather unreal?
netboot.xyx is also killer though slightly different. I installed a permanent netboot version on my home server so I never need to boot an install disk again, but you can also flash it to USB.
Readit News
Ventoy developer longpanda offers tools for injection into Linux and Windows ISOs, which work with the Ventoy injection plugin, https://news.ycombinator.com/item?id=38691857
> Deepin is a distribution developed in Wuhan, China by Deepin Technology. Its homepage proclaims it "the top Linux distribution from China" ... The extensive EULA is uncommon for the Linux space, and the privacy policy goes into some detail about the types of information they collect – not just browser history, but information on when you use your computer and the applications installed on your system.
If you mean to just highlight the association with Deepin it doesn't need to be guised as a question.
> It would be much appreciated if you want to make a small donation to support my work! > Alipay, WeChat Pay, PayPal and Bitcoin are available for donation. You can choose any of them.
So far I've never used Ventoy due to these issues. The concept sounds great though.
A simple virus could easily backdoor every binary on the system which built the file, rince and repeat.
Before anyone says that Linux virus do not exist, I have written a handful, as I'm sure many others have. Do not assume lack of observation to be confirmation of your view.
On one hand, it integrates a lot of open source components, but there is enough custom stuff going on that I’m concerned.
Look how it boots a Linux live cd… Initramfs injection is well used — perfect for malware.
For security, I always recommend Burning an ISO into a physical optical disc. Check the ISO MD5 before burning. No thumbdrives.
Then pray god your Government only aproves sales of backdoored hardware where you live. I recommend at least disabling (pulling out) the build-in Network cards (yes, wifi/bt too) and buying usb replacements.
"concerning"
No where near the ergonomics as far as I can tell, but with containers, there's been an effort to make bootable containers. I seem to remember there being some other options (I wanna say like Wyvern or something like that was one but not finding it), but the big obvious effort is bootc. https://containers.github.io/bootable/projects.html . 38d old thread: https://news.ycombinator.com/item?id=40289120
https://www.iodd.shop/IODD-ST400-USB-30-External-Encrypted-H...
I love using my IODD in "dual-mode" with Clonezilla. It exposes a USB-DVD drive with an emulated Clonezilla DVD in it as well as its' HDD storage so I can dump an image right to the hard drive.
(Bonus points: I can then have Clonezilla bundle me a clonezilla-iso package of my captured image, and save it back into the ISO folder to boot from later!)
But also, I'm insanely frustrated that (1) Google doesn't allow USB Gadget mode to do this from stock Android (2) the app that appeared to work for LineageOS/rooted devices is abandonware.
There's no good reason why your phone can't serve up ISOs with gadget mode.
I already travel with my ancient Pixel 3a as a backup (which has come in handy, clumsy me). It would be slick to have that as a portable ISO host, and backup phone. (Ignore the USB2 USB-C port, it's fine.)
It's using a Raspberry Pi Zero to emulate a USB CD-ROM. A menu on the device allows you to choose an ISO to boot from.
Deleted Comment
Has it involved into something more complex? It seems odd to complain about binary blobs in something that is meant to be a tool for aggregating pre-existing binary boot media into a single image.
Personally, I don't and use stuff like Rufus[1] instead.
[1]: https://github.com/pbatard/rufus