Deepin Desktop Environment initially impressed users with a polished experience. Earlier concerns included unencrypted requests from the Deepin Store to CNZZ, which Deepin later stopped after addressing the issue. A forensic review found no evidence of active spyware in Deepin’s core. In 2025, SUSE ended its relationship with the Deepin distribution after detecting a policy violation in openSUSE packaging. A Deepin community packager used a workaround that bypassed regular RPM packaging mechanisms to install restricted assets, avoiding security review requirements. SUSE removed Deepin Desktop packages from openSUSE distributions temporarily. Fedora then removed Deepin packages as well, leaving strict code review as the only forward option.
"“we noticed a policy violation in the packaging of the Deepin desktop environment in openSUSE. To get around security review requirements, our Deepin community packager implemented a workaround that bypasses the regular RPM packaging mechanisms to install restricted assets.” The report continues, “As a result of this violation, and in the light of the difficult history we have with Deepin code reviews, we will be removing the Deepin Desktop packages from openSUSE distributions for the time being.”"
"“Seven years ago, several YouTube videos, such as this one, reminded us that sometime around 2018, the Deepin Store was sending unencrypted requests to the Chinese equivalent of Google Analytics (CNZZ). The data sent to CNZZ included the user's browser agent and other bits of information. Deepin addressed that issue and stopped collecting data.”"
"“According to Foss Linux, a forensic sweep found no evidence of active spyware in Deepin's core.”"
"“Then, in 2025, things started to unravel for Deepin when SUSE decided to cut ties with the Chinese distribution.”"
Read at ZDNET
Unable to calculate read time
Collection
[
|
...
]