Deepin Desktop removed from openSUSE
The SUSE Security Team has announced the removal of the Deepin Desktop from openSUSE due to violations of the project's packaging policy.
The discovery of the bypass of the security whitelistings via the deepin-feature-enable package marks a turning point in our assessment of Deepin. We don't believe that the openSUSE Deepin packager acted with bad intent when he implemented the "license agreement" dialog to bypass our whitelisting restrictions. The dialog itself makes the security concerns we have transparent, so this does not happen in a sneaky way, at least not towards users. It was not discussed with us, however, and it violates openSUSE packaging policies. Beyond the security aspect, this also affects general packaging quality assurance: the D-Bus configuration files and Polkit policies installed by the deepin-feature-enable package are unknown to the package manager and won't be cleaned up upon package removal, for example. Such bypasses are not deemed acceptable by us.
The combination of these factors led us to the decision to remove the Deepin desktop completely from openSUSE Tumbleweed and from the future Leap 16.0 release. In openSUSE Leap 15.6 we will remove the offending deepin-feature-enable package only. It is a difficult decision given that the Deepin desktop has a considerable number of users. We firmly believe the Deepin packaging and security assessment in openSUSE needs a reboot, however, ideally involving new people that can help get the Deepin packages into shape, establish a relationship with Deepin upstream and keep an eye on bugfixes, thus avoiding fruitless follow-up reviews that just waste our time. In such a new setup we would be willing to have a look at all the sensitive Deepin components again one by one.
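The quality-assurance point above, that D-Bus and Polkit files dropped in outside the package manager are invisible to it, can be checked on any RPM-based system. The following script is an added example, not part of the announcement or of any openSUSE tooling; it assumes the standard D-Bus and Polkit policy directories and uses `rpm -qf` to ask which package owns each file, reporting the files that no package claims.

```shell
#!/bin/sh
# Report D-Bus configuration and Polkit policy/rule files that no installed
# RPM owns. Such files were not placed by the package manager and will not be
# removed when a package is uninstalled.
#
# OWNER_QUERY is the command that succeeds when a file belongs to a package;
# it defaults to "rpm -qf" and can be overridden (e.g. for testing).
: "${OWNER_QUERY:=rpm -qf}"

# Assumed standard locations for system D-Bus policies and Polkit actions/rules.
POLICY_DIRS="/etc/dbus-1/system.d /usr/share/dbus-1/system.d \
/usr/share/polkit-1/actions /usr/share/polkit-1/rules.d /etc/polkit-1/rules.d"

# find_unowned_policy_files DIR...  -> prints one unowned path per line
find_unowned_policy_files() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        for f in "$dir"/*; do
            [ -f "$f" ] || continue
            # rpm -qf exits non-zero when the file is not owned by any package
            if ! $OWNER_QUERY "$f" >/dev/null 2>&1; then
                printf '%s\n' "$f"
            fi
        done
    done
}

# Scan the real directories when run as a script; prints nothing on a clean
# system where every policy file belongs to a package.
# shellcheck disable=SC2086
find_unowned_policy_files $POLICY_DIRS
```

Files reported here should be traced to whatever installed them before being removed, since deleting a live Polkit policy can break privileged desktop actions.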
The announcement goes into detail about the bypass of openSUSE packaging policy and the history of security reviews of Deepin components. It also offers guidance on continuing to use Deepin Desktop on openSUSE.