SuSE, openSUSE Archive

openSUSE removes Deepin from its repositories after long string of security issues and unauthorised security bypass

The openSUSE team has decided to remove the Deepin Desktop Environment from openSUSE, after the project’s packager for openSUSE was found to have added workaround specifically to bypass various security requirements openSUSE has in place for RPM packages. Recently we noticed a policy violation in the packaging of the Deepin desktop environment in openSUSE. To get around security review requirements, our Deepin community packager implemented a workaround which bypasses the regular RPM packaging mechanisms to install restricted assets. As a result of this violation, and in the light of the difficult history we have with Deepin code reviews, we will be removing the Deepin Desktop packages from openSUSE distributions for the time being. ↫ Matthias Gerstner Matthias Gerstner goes into great detail to lay out every single time the openSUSE team found massive, glaring security issues in Deepin, and the complete lack of adequate responses from the Deepin upstream team over the past 8 or so years. It’s absolutely shocking to see how utterly lax the Deepin developers have been regarding the security of their desktop environment and its dependencies, and the openSUSE team could really only come to one harsh conclusion: Deepin has no security culture whatsoever, and it’s extremely likely that every corner of the Deepin code is riddled with very serious security issues. As such, despite the relatively large number of Deepin users on openSUSE, the team has decided to remove Deepin from openSUSE entirely, instead pointing users to a third-party repository if they desire to keep using Deepin. I think this is the best possible option in this situation, but it’s not exactly ideal. After reading this entire saga, however, I don’t think anyone who cares about security should be using Deepin. Of course, I doubt this will be the end of the story. What about all the other Linux distributions out there? The security issues in Deepin itself are most likely also present in Debian, Fedora, and other distributions who have the Deepin Desktop Environment in their repositories, but what about the workaround to bypass packaging security practices? Does that exist elsewhere as well? I think we’re about to find out.

KDE 6 release: D-Bus and Polkit galore

The SUSE security team restricts the installation of system wide D-Bus services and Polkit policies in openSUSE distributions and derived SUSE products. Any package that ships these features needs to be reviewed by us first, before it can be added to production repositories. In November, openSUSE KDE packagers approached us with a long list of KDE components for an upcoming KDE6 major release. The packages needed adjusted D-Bus and Polkit whitelistings due to renamed interfaces or other breaking changes. Looking into this many components at once was a unique experience that also led to new insights, which will be discussed in this article. For readers that are new to D-Bus and/or Polkit, the following sections offer a summary to get a better idea about these systems. ↫ Matthias Gerstner You don’t get these kinds of in-depth looks at how a major new release like KDE 6 gets implemented in a popular distribution like openSUSE. What’s especially crazy is that this only really covers D-Bus and Polkit, and those are just two of the countless aspects of openSUSE affected by KDE 6.

Good old SUSE: KDE3 on today’s openSUSE

Until some time, SUSE shipped with a default desktop environment called KDE3, and even today, openSUSE is the only distribution, for which KDE3 packages are still available. In contrast to the fork TDE (Trinity Desktop Environment), these are the original KDE3 packages, which have also been used in earlier versions of SUSE Linux, and they were merely adapted to run under modern Linux systems. In the following tutorial, you are going to learn how to set up a current openSUSE system, with the look and feel of the original SUSE versions. ↫ Lioh Möller at SpaceFun An absolutely great idea, as it makes it much easier to see what the main desktop environments were like many moons ago. I hope similar tutorials spring up for GNOME and other desktop environments.

Suse will Fork RHEL

Today SUSE, the company behind Rancher, NeuVector, and SUSE Linux Enterprise (SLE) and a global leader in enterprise open source solutions, announced it is forking publicly available Red Hat Enterprise Linux (RHEL) and will develop and maintain a RHEL-compatible distribution available to all without restrictions. Over the next few years, SUSE plans to invest more than $10 million into this project.   The spicy bit here is that the CEO of SUSE, Dirk-Peter van Leeuwen, worked at Red Hat for 18 years before joining SUSE. Excellent.

Suse is once again an independent company

Open-source infrastructure and application delivery vendor Suse — the company behind one of the oldest Linux distributions — today announced that it is once again an independent company. The company today finalized its $2.5 billion acquisition by growth investor EQT from Micro Focus, which itself had acquired it back in 2014. I only remember using SUSE well over 15 years ago, and lost track of it after Ubuntu came onto the scene. Good news, though – I prefer open source companies to be independent. It seems to fit their nature better.

openSUSE 13.2 gets the green light

The openSUSE project released openSUSE 13.2 on Tuesday. The latest version of the big, green distro ships with updated desktop software, including KDE 4.14 and GNOME 3.14. The new release also features new artwork, a streamlined installer and faster YaST modules. Perhaps most importantly, openSUSE ships with the advanced Btrfs file system by default and will automatically take snapshots of the operating system whenever configuration changes are made. This allows administrators to roll back disruptive changes quickly and without using backups.Further details of the new openSUSE release can be found in the project's release announcement and in the release notes.

OpenSUSE board to take on big challenges in 2013

The openSUSE community has elected its new board of directors, who will take office in January 2013. Welcome to Raymond Wooninck and Robert Schweikert, who will have a lot of work ahead of them as the board helps navigate openSUSE through some choppy waters. openSUSE remains one of the most popular Linux distros around, but their delayed release of 12.2 in September has led the team to spend the last six months reworking their development process, and both new members are planning to prioritize improvement of openSUSE's communication strategies as well.

openSUSE 12.2 released

"The latest release brings you speed-ups across the board with a faster storage layer in Linux 3.4 and accelerated functions in glibc and Qt, giving a more fluid and responsive desktop. The infrastructure below openSUSE has evolved, bringing in newly matured technologies like GRUB2 and Plymouth and the first steps in the direction of a revised and simplified UNIX file system hierarchy." You can download openSUSE 12 from the mirrors.

Attachmate Talks SUSE, Novell, openSUSE

Attachmate now owns Novell and therefore, by extension, also owns SUSE and openSUSE. With Oracle currently doing everything in its power to thoroughly destroy what's left of Sun's open source commitments, scepticism abound about the future of SUSE, and more specifically of openSUSE. Attachmate's CEO has answered some questions about the future of SUSE and openSUSE, and as far as words go, it's looking good.

openSUSE Very Much Alive

Last week the openSUSE conference took place in Nuremberg, Germany. Instead of deciding to fork a major desktop, the conference focused on 'collaboration across borders' and the results are showing. Fedora visitors worked with openSUSE developers to integrate systemd and dracut in openSUSE 11.4, LibreOffice held their first conference track, project Bretzn (let's make developers' life easier) was announced and it became known that Mageia discusses use of the openSUSE Build Service.