At the beginning of this year we noticed that the Deepin Desktop as it is currently packaged in openSUSE relies on a packaging policy violation to bypass SUSE security team review restrictions. With a long history of code reviews for Deepin components dating back to 2017, this marks a turning point for us that leads to the removal of the Deepin Desktop from openSUSE for the time being.
Wasn’t vertical integration, was done by packager.
We don’t believe that the openSUSE Deepin packager acted with bad intent when he implemented the “license agreement” dialog to bypass our whitelisting restrictions. The dialog itself makes the security concerns we have transparent, so this does not happen in a sneaky way, at least not towards users. It was not discussed with us, however, and it violates openSUSE packaging policies.
Right, but what I’m saying the design to need these things was likely based on Deepin running their own distro. They don’t have to consider the security guidelines of other distros like KDE or Gnome, XFCE or Enlightenment would.
It needed those things brought in through the back door because the code was a steaming pile of shit security wise and would have been rejected at the front door.
Wasn’t vertical integration, was done by packager.
Right, but what I’m saying the design to need these things was likely based on Deepin running their own distro. They don’t have to consider the security guidelines of other distros like KDE or Gnome, XFCE or Enlightenment would.
It needed those things brought in through the back door because the code was a steaming pile of shit security wise and would have been rejected at the front door.