• sugar_in_your_tea@sh.itjust.works
    8 hours ago

    The history of Deepin code reviews clearly shows that upstream is lacking security culture, and the same classes of security issues keep appearing…

    Ouch.

    • Leaflet@lemmy.world
      8 hours ago

      Security is hard and not the fun part of programming (for most people anyway).

      KDE and GNOME have problems too.

      Rationale for Accepting kio-admin into openSUSE

      We have dealt with these types of APIs in KDE since 2017 without achieving any notable improvements. As we are responsible for product security we tried to protect our users from potentially harmful components. At this point, though, we don’t believe that this situation will change anytime soon. Meanwhile users still want to use features like the one found in Dolphin, and don’t understand why openSUSE does not include them.

      https://security.opensuse.org/2025/02/21/kio-admin-admittance.html

      • sugar_in_your_tea@sh.itjust.works
        7 hours ago

        Oh, certainly. What I was pointing out is the repeated failure and lack of acknowledgement of security issues. KDE and GNOME take it seriously; it seems Deepin does not.