• Deepin Desktop removed from openSUSE

    From LWN.net@86:200/23 to All on Thu May 8 06:40:08 2025

    The SUSE Security Team has announced the removal of the Deepin
    Desktop from openSUSE due to violations of the project's packaging
    policy.

    The discovery of the bypass of the security whitelistings via the
    deepin-feature-enable package marks a turning point in our assessment
    of Deepin. We don't believe that the openSUSE Deepin packager acted
    with bad intent when he implemented the "license agreement" dialog to
    bypass our whitelisting restrictions. The dialog itself makes the
    security concerns we have transparent, so this does not happen in a
    sneaky way, at least not towards users. It was not discussed with us,
    however, and it violates openSUSE packaging policies. Beyond the
    security aspect, this also affects general packaging quality
    assurance: the D-Bus configuration files and Polkit policies installed
    by the deepin-feature-enable package are unknown to the package
    manager and won't be cleaned up upon package removal, for
    example. Such bypasses are not deemed acceptable by us.

    The combination of these factors led us to the decision to remove
    the Deepin desktop completely from openSUSE Tumbleweed and from the
    future Leap 16.0 release. In openSUSE Leap 15.6 we will remove the
    offending deepin-feature-enable package only. It is a difficult
    decision given that the Deepin desktop has a considerable number of
    users. We firmly believe the Deepin packaging and security assessment
    in openSUSE needs a reboot, however, ideally involving new people that
    can help get the Deepin packages into shape, establish a relationship
    with Deepin upstream and keep an eye on bugfixes, thus avoiding
    fruitless follow-up reviews that just waste our time. In such a new
    setup we would be willing to have a look at all the sensitive Deepin
    components again one by one.

    The announcement goes into detail about the bypass of
    openSUSE packaging policy and the history of security reviews of
    Deepin components. It also offers guidance on continuing
    to use Deepin Desktop on openSUSE.

    https://lwn.net/Articles/1020407/
    --- SBBSecho 3.24-Linux
    * Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (86:200/23)
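
The announcement notes that D-Bus configuration files and Polkit policies installed outside the package manager are not cleaned up on package removal. The script below is an added example, not part of the LWN item or the SUSE announcement, showing how to list such files on an RPM-based system; the directory list is an assumption (the standard D-Bus and Polkit locations) and the function names `is_owned` and `list_unowned` are made up here.

```shell
#!/bin/sh
# Added example: report D-Bus and Polkit files that no RPM package owns.
# Files in these directories define privileged D-Bus services and Polkit
# actions, so an entry the package manager cannot account for deserves review.

# Assumption: standard D-Bus / Polkit locations; adjust for your system.
DBUS_POLKIT_DIRS="/etc/dbus-1/system.d
/usr/share/dbus-1/system.d
/usr/share/dbus-1/system-services
/etc/polkit-1/rules.d
/usr/share/polkit-1/rules.d
/usr/share/polkit-1/actions"

# is_owned FILE: succeeds when the RPM database lists FILE as belonging
# to an installed package ("rpm -qf" exits non-zero otherwise).
is_owned() {
    rpm -qf "$1" >/dev/null 2>&1
}

# list_unowned DIR...: print, one per line and sorted within each
# directory, every regular file that is_owned rejects.
# Directories that do not exist are skipped silently.
list_unowned() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        find "$dir" -type f | sort | while IFS= read -r f; do
            is_owned "$f" || printf '%s\n' "$f"
        done
    done
}

# Run as "sh script.sh scan" to check the default directories.
if [ "${1:-}" = "scan" ]; then
    # Word splitting on the newline-separated list is intentional.
    # shellcheck disable=SC2086
    list_unowned $DBUS_POLKIT_DIRS
fi
```

Files created by an administrator by hand also show up as unowned, so the output is a review list rather than a verdict.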