On 5/13/25 13:37, David C Rankin wrote:
> Devs,
>
> The Register posted an article about openSUSE removing the Deepin desktop based on dbus abuse and other security and packaging violations. The issues are documented and linked in the article:
>
> https://go.reg.cx/tdml/dfd67/684a187f/7019d634/4gJn
>
> Has Arch done a similar analysis or have similar concerns? openSUSE have removed it from the distro, but left the package available in the community packager's repo (similar to AUR setup). Not sure whether that is something to consider here.
>
> The concern being that by providing official packages openSUSE gave Deepin the aura of being up to the distro's security standards where apparently that isn't something that was warranted.

Hi,

I am aware of the situation and have been in contact with the Deepin upstream team for some details. As I understand, the openSUSE situation differs from ours in the packaging policy violation part, but all the security concerns related to the software itself persist.

I really appreciate that the openSUSE team takes security seriously, puts so much effort into it and enforces such a policy distro-wise. I also notice that the Deepin team has a response [1] to the matter and they set a deadline by end of May to address the existing issues. Let's see if they are improving.

[1] https://bbs.deepin.org/en/post/287017

--
Regards,
Felix Yan