1 hour ago
5
Follow ZDNET: Add america arsenic a preferred source connected Google.
ZDNET's cardinal takeaways
- Deepin Linux has been fishy for immoderate time.
- SUSE and Fedora person dropped each Deepin packages.
- The lone mode guardant for Deepin is simply a strict codification review.
The archetypal clip I tested Deepin Desktop Environment (DDE), it blew maine away. I thought, "This caller Linux desktop volition yet beryllium the open-source operating system's large breakthrough."
For a while, it looked arsenic if my prediction mightiness travel to fruition.
Also: Kubuntu vs. Fedora KDE: Which KDE Plasma distro is close for you?
But things took a concerning detour. Seven years ago, respective YouTube videos, specified arsenic this one, reminded america that sometime astir 2018, the Deepin Store was sending unencrypted requests to the Chinese equivalent of Google Analytics (CNZZ). The information sent to CNZZ included the user's browser cause and different bits of information. Deepin addressed that contented and stopped collecting data.
According to Foss Linux, a forensic expanse recovered nary grounds of progressive spyware successful Deepin's core.
SUSE cuts ties with the Chinese distro
Then, successful 2025, things started to unravel for Deepin erstwhile SUSE decided to chopped ties with the Chinese distribution. According to SUSE's findings, "we noticed a argumentation usurpation successful the packaging of the Deepin desktop situation successful openSUSE. To get astir information reappraisal requirements, our Deepin assemblage packager implemented a workaround that bypasses the regular RPM packaging mechanisms to instal restricted assets."
The study continues, "As a effect of this violation, and successful the airy of the hard past we person with Deepin codification reviews, we volition beryllium removing the Deepin Desktop packages from openSUSE distributions for the clip being."
Deepin's problems did not extremity with SUSE.
Also: Red Hat Desktop vs. Fedora Hummingbird: Which AI improvement Linux way is close for you?
On the heels of SUSE's announcement, the squad down Fedora (which Red Hat Enterprise Linux is based on) decided to travel suit and region the Deepin packages owed to akin information concerns. A Phoronix station quoted the Fedora Engineering and Steering Committee (FESCo) saying, "Retire each packages successful the list...ask releng to not unretire those packages if a petition is made, unless they passed reappraisal again."
In a report connected XDA, it was noted that Fedora "would effort 1 much clip to get successful interaction with the radical down Deepin's maintenance, arsenic 'the DDE packages look to person been successful precise atrocious signifier for an extended play of time.' If they didn't reply wrong 4 weeks, Fedora would ditch Deepin."
Deepin Desktop nary longer successful Fedora oregon SUSE repos
Well, those 4 weeks passed, and Fedora has officially dropped Deepin packages from the mainstay distribution.
This means you tin nary longer instal Deepin Desktop from the authoritative Fedora oregon SUSE repositories. Yes, you could physique it from root and person it tally connected Fedora, but fixed the quality of this shift, wherefore would you?
With 2 large Linux distributions dropping DDE owed to ongoing information concerns since 2018, the penning is connected the wall. Unless the developers down Deepin marque immoderate large changes, what was erstwhile called the astir beauteous Linux desktop is dormant successful the water.
Also: The champion Linux laptops: Expert tested for students, hobbyists, and pros
That's a shame, but it should besides service arsenic a informing to each squad creating a Linux desktop (or bundle successful general).
That's not to accidental that each is mislaid with Deepin. If the Deepin codification could walk a stringent review, Fedora mightiness beryllium apt to let the packages backmost in. Will that happen? No 1 knows.
It's each successful the open
The immense bulk of Linux bundle is open-source, meaning anyone tin download, view, modify, and repackage the code. Because of that, anyone with the indispensable skills tin comb done the codification and look for thing suspicious. Or, users tin instal the software, tally tools similar Wireshark, and spot if immoderate web postulation is going to fishy locations. I've done it earlier -- it's not hard.
On apical of that, with the advent of AI, those issues tin present beryllium spotted much quickly; with everything retired successful the open, developers won't beryllium capable to fell malicious code.
Also: The champion Linux distributions for beginners
As this Deepin contented has persisted for astir 10 years and fixed the emergence successful Linux kernel vulnerabilities, it was nary astonishment to spot the packages pulled.
The bully quality is that implicit the past fewer years, respective Linux desktop environments person surpassed Deepin successful aesthetics. KDE Plasma, Pantheon, Budgie, and adjacent GNOME tin beryllium customized to look arsenic bully (if not better) than Deepin Desktop. Saying goodbye to Deepin is truly nary tegument disconnected Linux's back.
Even so, it is simply a shame that specified a beauteous Linux desktop situation had to autumn retired of favor, simply due to the fact that the developers garbage to comply with information standards that person go a necessity successful a satellite that is plagued by atrocious actors and malicious code.
English (US) ·