[Bulletin] Public Notice on Rectification Progress for DDE Removal in openSUSE

Official Announcements 363 views · 2 replies ·

deepin小助手

Super Moderator

2025-06-04 13:39

Author

Since openSUSE raised issues regarding the deepin Desktop Environment (DDE), the deepin community immediately launched a special rectification project, advancing all fixes in strict accordance with the plan. By the end of May, code fixes for all security issues reported by openSUSE had been completed. We are pleased to announce the key progress below.

I. Overall Progress on Issue Fixes

We have comprehensively reviewed all issues reported by openSUSE. Fixes have now been submitted for all items, with details below.

Subassemblies	Resolved	Processing	Remarks
DDE	3	0
DTK	2	0
File Manager	0	2	Code has been submitted and is pending merge.
System Monitor	3	0
deepin-clone	1	0
deepin-anything	1	0
Total	10	2

II. Key Governance Progress

openSUSE Polkit Whitelisting Mechanism

openSUSE uses a whitelist mechanism to manage Polkit rule reviews. Polkit rules passing openSUSE security review are added to the whitelist. For new Polkit rules: All new Polkit Action IDs are submitted as bug reports. Once reviewed by openSUSE and integrated into the polkit-default-privs project, the corresponding bug reports are closed.
Many DDE security issues relate to Polkit. Clarifying openSUSE's Polkit security review process will help DDE handle similar issues more efficiently.

Progress on Core Issue Fixes

Four issues reported by openSUSE (1134131、1134132、1136026、1211374) are representative. Fixes have been submitted to deepin's GitHub repository (some already merged). We will prioritize such issues to prevent recurrence.

Community Collaboration Progress

DConfig Design(1211374): The solution received positive feedback from openSUSE. A full review process will restart.
System Monitor(1233054): Code modifications were approved by openSUSE, which also suggested optimizations for pkexec operations. Code changes are now complete.

Special thanks to the openSUSE Security Team for the professionalism demonstrated in the technical solution review, and also to the community developers for their efficient execution. The progress of this rectification has been updated in real time on the GitHub project page (https://github.com/orgs/linuxdeepin/projects/246).

The deepin Community will subsequently advance code audits with more stringent security standards, comprehensively improve the security response mechanism, deepen technical collaboration with upstream and downstream communities, and jointly build a trustworthy open-source desktop security system.

deepin Community

June 4, 2025

Attachments: