A year after SUSE decided to remove its Deepin desktop package due to ongoing security issues, Fedora Linux has now removed its Deepin package due to similar concerns and lack of maintenance activity.

image.webp

A year ago, after SUSE/openSUSE disclosed Deepin's security vulnerabilities, FESCo submitted a work order requesting a security review of Deepin.

During this time, Fedora developers have been having difficulty contacting the maintainers of some Deepin packages. However, part of the decision about what to do with Deepin packages stems from the lack of a clear policy defining expectations.

At today's Fedora Engineering and Steering Committee (FESCo) meeting, it was decided to remove all Deepin packages from Fedora:

"Agreed: Remove all packages from the list and mention the fesco ticket in the message. Ask the releng team, if requested, not to reinstate these packages unless they pass review again."