At the beginning of this year we noticed that the Deepin Desktop as it is currently packaged in openSUSE relies on a packaging policy violation to bypass SUSE security team review restrictions. With a long history of code reviews for Deepin components dating back to 2017, this marks a turning point for us that leads to the removal of the Deepin Desktop from openSUSE for the time being.
A needle in a tumbleweed, if you will. :p
Yeah, it’s crazy it was hiding this long but I see this as a win that they dealt with it so swiftly and show they take their package security seriously.
Yeah, it really speaks volumes about the devs. It means that no matter how innocent the package may be or how long its been there, they still pick through it all multiple times to make sure their users are safe and happy.
But RIP Deepin users. Tbh though, I’ve been hanging around Linux forums a while and still have yet to see someone who actually daily drives Deepin, lol.