Software:Ventoy

From HandWiki
Ventoy
File:320px
Ventoy 1.0.54
Developer(s)Hailong Sun (aka longpanda)
Initial release5 April 2020
Operating systemCross-platform (Windows, Linux)
LicenseGPLv3+ License

Ventoy is a freeware utility used for creating bootable USB media storage devices with files such as .iso, .wim, .img, .vhd(x), and . Once Ventoy is installed on a USB drive, new installation files can be added without reformatting.[1][2][3] Ventoy presents the user with a boot menu to select one of the installation files held on the USB drive.

Features

Ventoy can be installed on a USB flash drive, local disk, solid-state drive (SSD, NVMe), or SD card and directly boots from the selected .iso, , .img} d(x), or {{Not a t ed. Ventoy does not extrac to the USB drive, but uses them directly, as it can unzip during installation. It is possible to place multiple ISO images on a single device and select the image to boot from the menu displayed just after Ventoy boots.

MBR and GPT partition styles, x86 Legacy BIOS and various UEFI boot methods (including persistence) are supported. ISO files larger than 4 GB can be used. Ventoy supports various operating system boot and installation ISO files, including Windows 7 and later, Debian, Ubuntu, CentOS, Red Hat Enterprise Linux (RHEL), Fedora and more than a hundred other Linux distributions; various Unix releases, VMware, Citrix XenServer, etc. have also been tested.[4] Ventoy isn't recommended on the openSUSE wiki due to reports of boot issues.[5]

Concerns over software security and validity of open source claim

Ventoy claims[6] to be an open source software and is hosted on GitHub open-source repository[7]. However, concerns have been repeatedly raised in various computing-related blogs[8][9][10][11][12][13] and forums[14][15][16][17][18][19][20][21][22][23] regarding the fact that source code tree contains a large number of pre-compiled blobs (binary executable files) of unknown origin, which makes it impossible or very difficult to audit the content of the software and ascertain that no malicious payload (e.g. backdoors) is being delivered. Additional concerns were raised in the same blogs and forums that the software appears to originate from China, that the software author has not responded to the concerns over the blobs for several years, that the identity of the author cannot be exactly established and that distribution of blobs without the corresponding source code could be a violation of GPLv3+ license the software claims to adhere to. Recommendations to migrate to alternative and more transparent open source software (e.g. Rufus, balenaEtcher) have been made in the same blogs and forum posts quoted above. Parallels have been drawn to recent vulnerabilities discovered in XZ Utils software[18]. On 7 May 2025 the author of the project has finally responded[15] to the concerns over the blobs, however response was limited to merely listing all the blobs along with build instructions, which other open source community members found very convoluted and difficult to reproduce[9][19]. No actions were taken by the author to eliminate blobs and replace them with the source code. The author has also responded to concerns that closed-source blobs can contain payload from Chinese government by merely stating that "[He has] never heard of the Chinese government forcing open source developers to install backdoors in their software. Just think about it, what benefits would this bring to the government, other than damaging its reputation?"[15].

See also

References

  1. Langner, Christopher. "Tutorial – Ventoy". Linux New Media USA. https://www.linux-magazine.com/Issues/2021/243/Saving-Steps. 
  2. "Bootable USB Creator Ventoy Gets A Native GUI For Linux". 14 September 2021. https://www.linuxuprising.com/2021/09/bootable-usb-creator-ventoy-gets-native.html. 
  3. "You may now use Ventoy without deleting data on USB Sticks". 11 November 2021. https://www.ghacks.net/2021/11/11/you-may-now-use-ventoy-without-deleting-data-on-usb-sticks/. 
  4. "List Of Tested ISOs". https://www.ventoy.net/en/isolist.html. Retrieved 2021-03-09. 
  5. "Create installation USB stick". https://en.opensuse.org/Create_installation_USB_stick#Ventoy. 
  6. "Ventoy A New Bootable USB Solution". https://www.ventoy.net/en/index.html. 
  7. "Ventoy". https://github.com/ventoy/Ventoy. 
  8. "Are you an IT professional? Stop using Ventoy (now)". 2025-08-21. https://en.iguru.gr/eisai-epangelmatias-it-stamata-chrisimopoieis-ventoy-tora/. 
  9. 9.0 9.1 "Ventoy - 718 Shades of Open Source". 2025-01-30. https://nixsanctuary.com/ventoy-718-shades-of-open-source/. 
  10. "iVentoy under suspicion for replacing drivers and certificates". 2025-05-14. https://en.ubunlog.com/iventoy-under-suspicion-for-replacing-drivers-and-certificates/. 
  11. "Ventoy's Binary Blobs Spark Security Concerns and Trust Issues in Open Source Community". 2025-08-06. https://biggo.com/news/202508061917_Ventoy_Binary_Blobs_Security_Concerns. 
  12. "Ventoy Security Concerns". 2025-08-05. https://discuss.privacyguides.net/t/ventoy-security-concerns/20058. 
  13. "Should Ventoy users be concerned? What remediations could users take?". 2024-10-17. https://discuss.privacyguides.net/t/should-ventoy-users-be-concerned-what-remediations-could-users-take/21593. 
  14. "[issue: Remove BLOBs from the source tree #2795"]. https://github.com/ventoy/Ventoy/issues/2795. 
  15. 15.0 15.1 15.2 "About the BLOBs in Ventoy #3224". 2025-05-07. https://github.com/ventoy/Ventoy/issues/3224. 
  16. "Where is source code to binary blobs? Is it really open-source? #132". 2020-05-18. https://github.com/ventoy/Ventoy/issues/132. 
  17. "Is Ventoy really safe?". 2024-10-18. https://forums.linuxmint.com/viewtopic.php?t=432513. 
  18. 18.0 18.1 "Is ventoy safe? In light of xz/liblzma scare.". https://www.reddit.com/r/linux/comments/1buhnrs/is_ventoy_safe_in_light_of_xzliblzma_scare/. 
  19. 19.0 19.1 "The ventoy situation". 2025-04-28. https://discuss.cachyos.org/t/the-ventoy-situation/8321. 
  20. "About the BLOBs in Ventoy". https://news.ycombinator.com/item?id=44810281. 
  21. "Ventoy source code contains some unknown BLOBs, still no word on the issue from the dev after months". https://lemmy.one/post/19193506. 
  22. "Is Ventoy Safe to Use? Any Good Alternatives?". 2025-08-10. https://yomotherboard.com/question/is-ventoy-safe-to-use-any-good-alternatives/. 
  23. "Ventoy: Remove BLOBs from the Source Tree". 2024-06-15. https://news.ycombinator.com/item?id=40689629. 



Retrieved from "https://handwiki.org/wiki/index.php?title=Software:Ventoy&oldid=3967017"