Updated
Updated · ZDNet · May 21
Fedora Drops Deepin Desktop Packages After 4 Weeks Over Security Review Concerns
Updated
Updated · ZDNet · May 21

Fedora Drops Deepin Desktop Packages After 4 Weeks Over Security Review Concerns

4 articles · Updated · ZDNet · May 21
  • Fedora has officially removed Deepin Desktop packages after a four-week wait for maintainers to respond, ending installation from its official repositories.
  • FESCo moved to retire the packages because Deepin had been in poor shape for an extended period and would not be unretired unless they pass review again.
  • SUSE had already removed Deepin in 2025 after finding a packaging workaround that bypassed normal RPM mechanisms and security review requirements.
  • Deepin has faced scrutiny since 2018 over unencrypted analytics requests; no active spyware was found in core code, but the repeated review issues have kept trust low.
  • Any return now hinges on a stringent code review, leaving Deepin absent from two major Linux distribution repositories unless its developers meet stricter security standards.
Is Deepin's removal a warning of a larger security crisis brewing within the open-source software supply chain?
After its public expulsion for security flaws, can the once-praised Deepin desktop ever truly be trusted again?

Related Stories

ZDNetMay 21
YouTubeMay 21
The RegisterMay 21
FacebookMay 21