Removal of Deepin Desktop from openSUSE due to Packaging Policy Violation
Removal of Deepin Desktop from openSUSE due to Packaging Policy Violation
Hooo-ly shit, that's a concerning read. I have to go blacklist Deepin; it's in Arch extra/.
The whole article is concerning, but this part was really scary:
The service methods were not only unauthenticated and thus accessible to all users in the system, but the D-Bus configuration file also allowed anybody to own the D-Bus service path on the system bus, which could lead to impersonation of the daemon. Among other issues, the D-Bus service allowed anybody in the system to create arbitrary new UNIX groups, add arbitrary users to arbitrary groups, set arbitrary usersβ Samba passwords or overwrite almost any file on the system by invoking mkfs on them as root, leading to data loss and denial-of-service.
Tbh that's good. Deepin is sketchy to say the least.