I’m curious what the difference is between Balenca etcher and Ventoy for writing isos to a live USB for distro hopping purposes. I see both recommended in fourms. Is there any advantage to using one over the other? Are they both equally safe/secure?
I’m also curious about trying out new distros. I’ve been using LMDE for about a year now and it’s been fine, but I want to expand my knowledge and see whether LMDE is my favorite distro or not. I’m not the most well versed in Linux and don’t have any prior programming experience so a beginner/mid level distro is what I’m looking for. I want something I can test out without connecting to WiFi (so not arch).
Balena Etcher is a writer that does one ISO at a time. Other similar options are Fedora Writer, Rufus, etc.
Ventoy is one that can do multiple ISOs and is generally easy to manage.
However, be aware that Ventoy has a lot of unknown code involved. There’s binary blobs that the maintainer refuses to open source, so there’s a big question over whether it’s hiding some malware or is using unpatched packages. Nobody knows except the maintainer, and it’s just his word saying it’s safe. You could use it to test out ISOs, but I wouldn’t personally use it to actually install a system.
Also, the Ventoy fanbois are pretty insufferable, and they tend to brigade anyone that speaks ill of Ventoy or its dev.
If you want something similar that’s open source, Glim works and could be a good option; YUMI has been around for a while, but I dunno if it’s still a good project or not.
Edit: typo
Can you point to some discussion of the ventoy blobs? I had never heard and can’t find anything that says it’s not GPL3.
This thread made me look at this issue. Realistically it’s not a big issue, the VAST majority of the binary blobs are accounted for and have a script or a readme file that shows where they’re downloaded from.
That being said I will take a serious look at alternatives.
The vast majority of xz’s blobs are accounted for, too.
Yeah, that’s pretty much where I landed after reading through it.
Maybe they are thinking of iVentoy which is not open source but is by the same dev
https://github.com/ventoy/PXE
Maybe start here, but there’s lots of discussion on the post.
https://lemmy.world/comment/12416453
Ugh, those GitHub comments are horrible. If I was the author, I would just walk away from the project. People have no shame in making demands for free work.
You ain’t wrong. The level of arrogance stinks. Especially when the author put effort into documenting the sources etc.
There do appear to be a lot of these know-it-all-but-contribute-little types around.
Maybe a few are missing, but simply asking, and I’m sure they’ll provide. If someone wants a better build system, they could volunteer to do it themselves.
Should I be worried? I was distro hopping for a bit and put together a Ventoy drive to make that easier, and I used it to boot the install iso for the distro I ultimately decided on for my gaming laptop. It seemed highly recommended and I didn’t know about the Ventoy bros at that point.
Probably not. I’ve used it as well (before I knew about Glim) to preview distros, but I am not using it to do installs, since I can’t be certain what’s in it.
I want to use Glim too, because the binary Blobs in Ventoy are bugging me a lot. But Glim is a bit limited still: README
Yep. It’s probably fine for most people, but it’s still a trade-off between transparency and utility. Ventoy is superior functionality, but those blobs bug me, too, and the fact that the dev is so openly hostile towards transparency is concerning.
Cool! I might give that a try instead of the Ventoy i use regularly. Thanks for the info !
deleted by creator
I have quite literally never seen that. The majority of the time, somebody brings up Ventoy, somebody mentions the opaque blobs or some other legitimate criticism, and a bunch of fanbois pile onto that person for having their own opinions or concerns.
Ventoy works well, but the lack of transparency concerns me and people like me.
I have a different experience. There was one thread which linked to a github issue. The issue said some blobs don’t have source code. Ironically when I went on to check, the blobs mentioned in the issue had source code, but there were other blobs which seemed to miss the source or build instructions.
I would love to have an independent audit to put this issue at rest. All that happens is more and more noise and no resolution. I am not a programmer so can’t really help here.
I would also love that! The truth of this matter would be much preferred over a bunch of cast aspersions.