openSUSE deep sixes Deepin desktop over security stink

Gandalf_The_Grey

Gandalf_The_Grey

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Forum Veteran
Apr 24, 2016
7,751
6
81,470
8,389
54
The Netherlands
SUSE has kicked the Deepin Desktop Environment (DDE) out of its community-driven Linux distro, openSUSE, and the reasons it gives for doing so are revealing.

SUSE's security team published a blog post – Removal of Deepin Desktop from openSUSE due to Packaging Policy Violation – that makes for eye-opening reading. The news comes just a week after openSUSE Leap 16 entered beta, a release which contains some interesting wrinkles of its own.

Deepin is the desktop of Chinese vendor Uniontech's OS, Linux Deepin, which we last looked at in August 2024. In terms of appearance, the Deepin desktop is gorgeous. It's colorful, fluid, and friendly. It has a strong Windows 11 influence on its layout, but it's not a direct clone like the strange Wubuntu distro. It is also found on a few other distros, such as Ubuntu DDE, which we last looked at when the 22.04 version appeared.

According to the SUSE Security Team, though, DDE's beauty is only skin deep. Beneath the polished surface, it's not pretty at all. The team enumerates a whole list of problems, including claimed abuses of D-Bus and Polkit, but also some very poor design decisions. Some of these represent major security holes in the dde-api-proxy module, which are covered in depth here. The team has also publicly reported issues with Deepin's D-Bus services and the Deepin clone tool.
Click to expand...
Given the security record of Deepin and the concerns expressed in the previous section, we don’t recommend to use the Deepin desktop at this time.
Click to expand...
www.theregister.com

openSUSE deep sixes Deepin desktop over security stink

: Linux giant finds Chinese environment to be perilous beneath pretty exterior
www.theregister.com www.theregister.com

Removal of Deepin Desktop from openSUSE due to Packaging Policy Violation

At the beginning of this year we noticed that the Deepin Desktop as it is currently packaged in openSUSE relies on a packaging policy violation to bypass SUSE security team review restrictions. With a long history of code reviews for Deepin components dating back to 2017, this marks a turning...
security.opensuse.org
 
  • Like
Reactions: simmerskool, lokamoka820, vaccineboy and 2 others

You may also like...