openSUSE Drops Deepin Desktop Amid Ongoing Security Concerns
The openSUSE project has officially removed the Deepin Desktop Environment from its Tumbleweed rolling release and the upcoming Leap 16.0, citing unresolved security vulnerabilities and a lack of effective cooperation from Deepin's upstream developers.
The decision follows the discovery of a critical privilege escalation flaw in the `dde-api-proxy` component, which acts as a D-Bus proxy between Deepin applications and system services. This vulnerability, assigned CVE-2025-23222, allows unprivileged local users to execute administrative operations without proper authentication. The flaw stems from the proxy's design, which forwards D-Bus messages from any user to backend services as if they originated from the root user, effectively bypassing standard security checks.
The SUSE Security Team reported the issue to Deepin's security contacts in December 2024. Initial attempts to communicate were met with silence, and although Deepin eventually acknowledged the problem and released a patch in January 2025, the fix was deemed inadequate. The patch introduced a new Polkit authorization check but relied on deprecated methods vulnerable to race conditions, leaving the system susceptible to similar exploits.
Further investigation revealed that the `deepin-feature-enable` package, introduced in April 2021, violated openSUSE's packaging policies by installing unverified components through a license agreement bypass. This discovery prompted a comprehensive review of DDE's integration with openSUSE, uncovering a pattern of persistent security issues dating back to 2017. Notable concerns included improper handling of D-Bus and Polkit features in components like `deepin-api`, `deepin-daemon`, and `deepin-file-manager`, leading to disabled functionalities and broken features within the desktop environment.
The openSUSE community had previously attempted to mitigate these issues by disabling D-Bus and Polkit features by default, resulting in limited functionality such as non-operational lock screens, inability to manage users and networks through the control center, and broken system sounds. Users who chose to enable these features were warned of potential security risks.
The removal of DDE from openSUSE highlights broader concerns about the security culture within the Deepin project. Past incidents, such as the inclusion of the CNZZ analytics tracker in the Deepin App Store in 2018, have raised questions about data privacy and the project's transparency. Although Deepin removed the tracker following public backlash, lingering doubts remain about the project's commitment to user security and privacy.
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Arabian Post
20-05-2025
- Arabian Post
Ubuntu 25.10 Brings Fresh Terminal and Image Viewer Upgrades
Ubuntu 25.10 will introduce a significant update to its core user experience by replacing the default terminal and image viewer applications with modern alternatives. This development marks a shift towards more streamlined and feature-rich tools, reflecting the broader trend of enhancing Linux desktop usability without sacrificing performance or stability. The new default terminal, known as 'Console,' is set to replace GNOME Terminal, which has been a longstanding staple in the Ubuntu environment. Console offers a sleek and minimalist interface designed to improve usability and responsiveness. Among its key features are GPU acceleration, which provides smoother rendering and better performance, especially on high-resolution displays, and an emphasis on simplicity by reducing clutter and unnecessary UI elements. This change aligns with a growing demand from users for faster and more visually appealing terminal applications that can handle diverse workflows efficiently. Complementing the terminal update, the existing image viewer, Eye of GNOME , will be supplanted by 'Pix,' an image viewer developed by the Linux Mint team. Pix is celebrated for its faster loading times, enhanced support for various image formats, and a more intuitive interface that simplifies navigation and editing. It incorporates basic image editing tools such as cropping and rotation, which were notably absent in eog, thereby providing users with more functionality out of the box without needing additional software. This switch aims to improve everyday image handling tasks for Ubuntu users, particularly those who prefer lightweight applications without compromising essential features. These replacements are part of Ubuntu's ongoing effort to refine its software stack as it approaches the 25.10 release, planned for late October this year. Ubuntu developers have emphasised that the changes are driven by both user feedback and the desire to keep up with evolving software trends in the open-source ecosystem. The move also signals a willingness to incorporate applications developed by other Linux communities, fostering greater collaboration across distributions. See also openSUSE Drops Deepin Desktop Amid Ongoing Security Concerns Canonical, Ubuntu's parent company, has underscored the importance of maintaining a balance between innovation and stability. While new software like Console and Pix offer improvements, they also undergo extensive testing to ensure compatibility with the broader Ubuntu desktop environment. Early builds of Ubuntu 25.10 have already shown promising performance gains, with users reporting a more responsive terminal experience and a quicker, more versatile image viewer. The adoption of Console and Pix reflects a broader shift within the Linux desktop world, where traditional applications face increasing competition from newer projects focusing on user experience and performance. This trend is partly influenced by the rise of high-DPI displays and the growing popularity of tiling window managers, which demand terminals that can efficiently manage multiple sessions and deliver sharp visuals. Similarly, image viewers now often need to balance lightweight operation with support for various modern formats and basic editing, features that Pix addresses. Ubuntu 25.10 also continues to update other system components, including a newer Linux kernel and refreshed GNOME desktop environment. These updates improve hardware compatibility, security, and user interface consistency. However, the terminal and image viewer changes stand out for their direct impact on daily user interaction, highlighting Canonical's focus on practical enhancements. Ubuntu's decision to integrate Pix, created by a different distribution, demonstrates the increasingly collaborative nature of open source software development. Linux Mint's Pix has gained recognition for its efficiency and ease of use, prompting Canonical to evaluate it as a superior replacement to eog. This cross-pollination signals a growing recognition that user-centric improvements can transcend distribution boundaries, ultimately benefiting the broader Linux community. See also Manjaro 25.0 'Zetar' Launch Enhances Linux Desktop Experience User response to the new terminal and image viewer has been largely positive during beta testing phases. The Console terminal's clean design and responsiveness have been praised for reducing distractions while maintaining essential features like tabs and profiles. Pix's support for more image formats and built-in editing tools has been welcomed by users who previously needed to rely on external applications for minor adjustments. These updates are expected to be particularly appealing to Ubuntu's growing base of desktop users who rely on the operating system for development, creative work, and daily productivity. The streamlined terminal can enhance coding and system administration tasks, while the improved image viewer supports graphic tasks without the overhead of larger photo editing suites.
Zawya
19-05-2025
- Zawya
Abu Dhabi Investment Office launches Automotive Programme
The Abu Dhabi Investment Office (ADIO) today announced the launch of a major economic programme targeting the establishment of an end-to-end automotive ecosystem. Backed by multi-billion-dirham investments from global industry leaders, the programme aims to transform Abu Dhabi into the region's foremost hub for smart automotive manufacturing and assembly, R&D, restoration, auctions and luxury automobiles. Announced during the Make it in the Emirates Forum 2025 (MIITE), the automotive programme is projected to contribute AED100 billion to Abu Dhabi's GDP by 2045, attract over AED8 billion in FDI and create 7,000 high-skilled jobs. The inclusion of advanced R&D and engineering centres, as well as participation from Tier 1 and 2 suppliers and premium OEMs, ensures that the entire value chain, from design and manufacturing to aftersales, generates sustained economic impact and long-term industrial competitiveness. In addition to manufacturing, the holistic ecosystem will encompass activations, annual product launches, motorsport and industry events, luxury car restoration and premium vehicle auctions. Talent development will also be a cornerstone of the automotive programme. In collaboration with top universities, ADIO has created the region's first Automotive AI Curriculum, focused on product design. The programme combines advanced research, AI, training and international placements, further embedding local talent in the global mobility value chain. Badr Al-Olama, Director General of ADIO, said, 'Backed by automotive OEMs, our automotive programme is a defining step in Abu Dhabi's evolution as a global economic powerhouse, reinforcing our strength in advanced manufacturing, future mobility and design excellence. It reflects Abu Dhabi's long-term vision to build not just competitive sectors, but entire ecosystems that shape global standards and unlock innovation. It signals that the emirate is not just a destination for investment, but a global, export-driven hub where talent, technology and bold ambition converge.' Mohammad Ali Al Kamali, Chief Industry and Trade Officer at ADIO, added, 'With the launch of the automotive programme, we are moving beyond assembly to create an end-to-end manufacturing and innovation ecosystem, where global OEMs, specialist automotive suppliers and emerging technology players can co-locate, collaborate and scale from Abu Dhabi. This is how we industrialise opportunity: by combining strategic infrastructure, future-focused talent and global partnerships to make Abu Dhabi a centre of gravity for automotive production and smart mobility systems.' More than ten commercial and investment agreements were announced as part of the automotive programme during the MIITE Forum, marking the first full demonstration of Abu Dhabi's automotive programme in motion. Leading automotive manufacturers, including Genesis and ROX Motors, confirmed new manufacturing agreements with W Motors in Abu Dhabi, establishing the emirate as a production hub for regional and international markets. Additionally, AIH Group, one of the world's largest automotive assembly providers, is now embedded in the local manufacturing landscape as the technical lead for high-volume vehicle production. These anchor projects are complemented by a robust network of local supply chain partnerships that enhance each stage of automotive production. This includes lightweight materials through Borouge, battery systems by Enercap, and aluminium components through Automotive Precision Technology (APT), establishing a full-spectrum vehicle manufacturing ecosystem. Together, these investments mark a pivotal step in shaping Abu Dhabi's automotive future, one that blends advanced manufacturing with cutting-edge design, sustainable mobility and global reach. By anchoring world-class talent, technology and supply chains in the emirate, the automotive programme sets a new standard for industrial excellence in the region and beyond.
Zawya
19-05-2025
- Zawya
ADNOC, Tubacex sign agreement to localise oilfield technology
ADNOC announced today the signing of a strategic partnership agreement with Tubacex, a global leader in advanced tubular solutions, to localise critical oilfield technology, enhancing the resilience of the UAE's industrial base. The announcement was made at the 'Make it in the Emirates' forum in Abu Dhabi. The agreement grants ADNOC perpetual and exclusive rights to utilise Tubacex's Sentinel Prime premium tubular joint connection technology, which is critical for completing oil and gas wells while reducing costs and ensuring supply chain resilience. Tubacex will establish a dedicated research and development (R&D) centre in Abu Dhabi. This facility will act as a hub for advanced engineering and train highly skilled technicians in-country – contributing to the development of local talent. Musabbeh Al Kaabi, ADNOC Upstream CEO, said, "This strategic partnership secures ADNOC access to an important technology for completing oil and gas wells, reinforcing our role as a reliable global energy provider and our efforts to boost domestic manufacturing capacity. We welcome Tubacex's investment in a new research and development centre in Abu Dhabi which will enable knowledge and technology transfer, help develop local talent and support the goals of the Make it in the Emirates initiative.' Tubulars, also known as Oil Country Tubular Goods (OCTG), are specialised steel pipes used in the drilling and completion of oil and gas wells. These components must meet stringent standards for strength, durability and reliability to operate in high-pressure, high-temperature environments deep underground. Josu Imaz, Tubacex Group CEO, said, 'The licencing arrangement with ADNOC confirms Tubacex's commitment to innovation and excellence in the energy sector and reinforces our position as a strategic contributor for major players in the industry.' The 'Make it in the Emirates' forum is taking place from 19-22 May at ADNEC Centre Abu Dhabi. It is the UAE's flagship industrial event, designed to accelerate the country's manufacturing ambitions.
