by AnotherGoodName 229 days ago
From the linked thread

"I have updated a new 1.0.21 release and removed the unused sig driver file. And I also add a README document about the httpdisk driver https://github.com/ventoy/PXE/tree/master"

As in the author responded and removed this and explained why it was in there in the first place.

So Ventoy has all its code audited and documents every case of a binary blob with the source code and instructions to build the binary blob. iVentoy above did have an issue which was promptly resolved.

It seems to be an extremely trustworthy project. If you want to blacklist them because they once had an issue, since corrected, fine, but it seems waaaaaay over the top to me.

1 comments

My concern is that they grabbed some random driver signed by a random person and just assumed it was trustworthy enough to be included in a project. That's not the behavior I associate with how "extremely trustworthy" projects should be run. I understand others may not agree, though. I also understand that this is a different project, but that behavior kinda makes me feel like any project with those people involved shouldn't be viewed as extremely trustworthy. Are they also running randomly grabbed code on the build machines and assuming it's safe to do so?