You can't install Deepin Desktop from the official Fedora repo anymore - here's why

Jack Wallen/ZDNET Follow ZDNET: Add us as a preferred source on Google. The only way forward for Deepin is a strict code review. The first time I tested Deepin Desktop Environment (DDE), it blew me away .

I thought, "This new Linux desktop will finally be the open-source operating system's big breakthrough." For a while, it looked as if my prediction might come to fruition. Fedora KDE: Which KDE Plasma distro is right for you? But things took a concerning detour. Seven years ago, several YouTube videos, such as this one , reminded us that sometime around 2018, the Deepin Store was sending unencrypted requests to the Chinese equivalent of Google Analytics (CNZZ). The data sent to CNZZ included the user's browser agent and other bits of information. Deepin addressed that issue and stopped collecting data. According to Foss Linux , a forensic sweep found no evidence of active spyware in Deepin's core. Then, in 2025, things started to unravel for Deepin when SUSE decided to cut ties with the Chinese distribution. According to SUSE's findings , "we noticed a policy violation in the packaging of the Deepin desktop environment in openSUSE. To get around security review requirements, our Deepin community packager implemented a workaround that bypasses the regular RPM packaging mechanisms to install restricted assets." The report continues, "As a result of this violation, and in the light of the difficult history we have with Deepin code reviews, we will be removing the Deepin Desktop packages from openSUSE distributions for the time being." Also: Red Hat Desktop vs. Fedora Hummingbird: Which AI development Linux path is right for you? On the heels of SUSE's announcement, the team behind Fedora (which Red Hat Enterprise Linux is based on) decided to follow suit and remove the Deepin packages due to similar security concerns.

Key points

• I thought, "This new Linux desktop will finally be the open-source operating system's big breakthrough." For a while, it looked as if my prediction might come to fruition.
• Fedora KDE: Which KDE Plasma distro is right for you?
• But things took a concerning detour.
• Seven years ago, several YouTube videos, such as this one , reminded us that sometime around 2018, the Deepin Store was sending unencrypted requests to the Chinese equivalent of Google Analytics (C…
• The data sent to CNZZ included the user's browser agent and other bits of information.