• Simon 𐕣he 🪨 Johnson@lemmy.ml
    5 hours ago

    This is what vertical integration between distros and GUIs often leads to. This could be completely innocuous from Deepin’s end, because that’s just how they made it work in Deepin because they have vertical integration on their own stack. However, it’s completely bad form.

    In general Deepin seems to adopt a lot of commercial software industry practices in building its tools, which I’m sympathetic to on some level, but it’s very obvious that the Linux community is not going to accept default-on telemetry. They should have known better after the CNZZ incident.

    • Leaflet@lemmy.world
      3 hours ago

      Wasn’t vertical integration, was done by packager.

      We don’t believe that the openSUSE Deepin packager acted with bad intent when he implemented the “license agreement” dialog to bypass our whitelisting restrictions. The dialog itself makes the security concerns we have transparent, so this does not happen in a sneaky way, at least not towards users. It was not discussed with us, however, and it violates openSUSE packaging policies.

      • Simon 𐕣he 🪨 Johnson@lemmy.ml
        60 minutes ago

        Right, but what I’m saying is the design to need these things was likely based on Deepin running their own distro. They don’t have to consider the security guidelines of other distros like KDE or Gnome, XFCE or Enlightenment would.

  • Eskuero@lemmy.fromshado.ws
    10 hours ago

    In January 2025, during routine reviews, we stumbled upon the deepin-feature-enable package, which was introduced on 2021-04-27 without consulting us or even informing us.

    Damn

    • Eyedust@lemmy.dbzer0.com
      8 hours ago

      That is quite a while, lol. To be fair though, there are an insane amount of lines in most packages. Quietly adding a brief line in a seemingly innocent features package is like hiding a needle in a haystack.

      It’s easy to overlook things when you have a pile of packages to review during every routine. It’s especially true if they missed it the first time, since it’s easier to review changes in a package rather than go through the whole thing again.