MJ+ @voyager@g0v.social
Public

主要由中國武漢深之度科技開發的桌面環境Deepin DE,近年也算是有點知名度。

但其安裝套件被openSUSE暫時移除,原因是沒有遵守、甚至刻意繞過openSUSE的安全規定。openSUSE要求所有進入其軟體庫的套件,只要有利用d-bus等系統服務,都需要先過審一遍,確認無虞才會獲准進入官方軟體庫。

但一直不過審的Deepin,採用開後門方式,另外加了一個名為deepin-feature-enable的套件,使用者在安裝的時候會出現一個授權聲明,表示因為openSUSE的政策,部分套件無法進入官方軟體庫,為了正常使用DDE,系統會下載需要的套件,自動為使用者安裝尚未過審的套件。

openSUSE直指開發上遊「欠缺資安文化,提交的組件屢屢出現安全問題」。

目前使用者只能通過第三方軟體庫安裝DDE。

相關連結:security.opensuse.org/2025/05/

Removal of Deepin Desktop from openSUSE due to Packaging Policy Violation

At the beginning of this year we noticed that the Deepin Desktop as it is currently packaged in openSUSE relies on a packaging policy violation to bypass SUSE security team review restrictions. With a long history of code reviews for Deepin components dating back to 2017, this marks a turning point for us that leads to the removal of the Deepin Desktop from openSUSE for the time being.

security.opensuse.org · SUSE Security Team Blog

0
0
0

If you have a fediverse account, you can quote this note from your own instance. Search https://g0v.social/users/voyager/statuses/114467463260886253 on your instance and quote it. (Note that quoting is not supported in Mastodon.)