At the beginning of this year we noticed that the Deepin Desktop as it is currently packaged in openSUSE relies on a packaging policy violation to bypass SUSE security team review restrictions. With a long history of code reviews for Deepin components dating back to 2017, this marks a turning point for us that leads to the removal of the Deepin Desktop from openSUSE for the time being.
  • Mike@lemm.ee
    31·
    12 hours ago

    No they don’t. OpenSUSE, especially tumbleweed, is way more security-focused than other distros.

    It’s a very low-trust default install, and it takes some work to get things through the firewall. Compare that to Fedora where every port above 2025 is open by default.

    • barryamelton@lemmy.world
      1·
      9 hours ago

      that is orthogonal with packaging standards, packaging security, and packaging policy violations…

      Compare this: https://www.debian.org/doc/debian-policy/

      With this single page: https://en.opensuse.org/openSUSE:Packaging_guidelines

      In case you think “but those policies are not needed, they are superfluous” (like some Arch devs). They are not. Packagers send their fixes upstream, and then, other distros, with lower standards, consume the already fixed upstream releases, and sometimes pretend that this work was not needed nor present, not realizing that all distros benefit from it even if your policies are more relaxed.

      There’s a reason why the Deepin Desktop Environment was never part of Debian, and only available via their own ppa repositories, even if the Deepin distro is based in Debian.