At the beginning of this year we noticed that the Deepin Desktop as it is currently packaged in openSUSE relies on a packaging policy violation to bypass SUSE security team review restrictions. With a long history of code reviews for Deepin components dating back to 2017, this marks a turning point for us that leads to the removal of the Deepin Desktop from openSUSE for the time being.
This is what vertical integration between distros and GUIs often leads to. This could be completely innocuous from Deepin’s end, because that’s just how they made it work in Deepin because they have vertical integration on their own stack. However, It’s completely bad form.
In general Deepin seems to adopt a lot of commercial software industry practices in building its tools, which I’m sympathetic to on some level, but it’s very obvious that the Linux community is not going to accept default-on telemetry. They should have known better after the CNZZ incident.
Wasn’t vertical integration, was done by packager.
Right, but what I’m saying the design to need these things was likely based on Deepin running their own distro. They don’t have to consider the security guidelines of other distros like KDE or Gnome, XFCE or Enlightenment would.
It needed those things brought in through the back door because the code was a steaming pile of shit security wise and would have been rejected at the front door.