Additionally:
- a ton of ISO downloads, ARM and RISC-V support
- Local AI integration for detecting images, searching through docs, finding stuff and writing emails.
- Wayland support.
- A new UI which is a mix of MacOS, Windows 11 and KDE Plasma.
- Atomic updates.
- A new containerized package format (linglong) competing with Flatpak, with some improvements over it.
Not going to trust a distribution from China, even if it does claim to be open source.
(There it is, the needed china = malware comment)
Lol meanwhile trusting US software?
The difference is that laws in China require companies doing business in China provide the Chinese government with means to access all data crossing Chinese borders or involving persons of interest. You can read the DSL of China yourself; and consider that nearly every executive of any significant Chinese company also holds an office of some sort in the Chinese government, there are a vast number of Chinese nationals who are considered “persons of interest” to the national security of China and therefore fall under the DSL purview.
Any company building or selling software in China has to provide the Chinese government with access to data collected in China, or outside of China if it involves persons of interest for national security. Like I said, find the DSL and read it yourself, or read an InfoSec analysis of it from a company you trust - you don’t have to take my word for it.
This immediately puts Chinese software into a different category of risk than non-Chinese software. Of course, the US could twist arms to get companies to put backdoors in software. But it’s a false equivalency to say that they’re the same. When the US does it, they have to do it covertly, and there’s always the risk of a leak. When Chinese companies do it, they’re doing it because Chinese data laws require them to.
but not every OS collects and transfers user data to its vendor like the very good American MacOS and Windows do.
Thanks for the clarification. If they dont collect data that would be unproblematic. If they do, of course this is extremely problematic.
The great thing about it being open source though, is even if it does have government mandated tracking, it’s probably relatively easy to a create a fork without the tracking
Sure. If anyone is willing to put in that effort; I’m not going to audit all that code.
Does Deepin have its own package sources? B/c if so, you also have you audit all of the third-party packages for trojans, too.
Does anyone know why they switched to this new packaging format, especially since they, as far as i can tell, were using flatpak before? I cant find any explanation on it in blog posts or release notes. In general i find the information they provide on implementations (atomic updates etc.) rather minimal.
I wonder if said AI features run locally, but too lazy to check. Because if it’s not local, it’s a really big security issue no matter the country of origin
