this post was submitted on 20 Aug 2024
1 points (100.0% liked)
Linux
5187 readers
83 users here now
A community for everything relating to the linux operating system
Also check out [email protected]
Original icon base courtesy of [email protected] and The GIMP
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
(There it is, the needed china = malware comment)
Lol meanwhile trusting US software?
The difference is that laws in China require companies doing business in China provide the Chinese government with means to access all data crossing Chinese borders or involving persons of interest. You can read the DSL of China yourself; and consider that nearly every executive of any significant Chinese company also holds an office of some sort in the Chinese government, there are a vast number of Chinese nationals who are considered "persons of interest" to the national security of China and therefore fall under the DSL purview.
Any company building or selling software in China has to provide the Chinese government with access to data collected in China, or outside of China if it involves persons of interest for national security. Like I said, find the DSL and read it yourself, or read an InfoSec analysis of it from a company you trust - you don't have to take my word for it.
This immediately puts Chinese software into a different category of risk than non-Chinese software. Of course, the US could twist arms to get companies to put backdoors in software. But it's a false equivalency to say that they're the same. When the US does it, they have to do it covertly, and there's always the risk of a leak. When Chinese companies do it, they're doing it because Chinese data laws require them to.
The great thing about it being open source though, is even if it does have government mandated tracking, it's probably relatively easy to a create a fork without the tracking
Sure. If anyone is willing to put in that effort; I'm not going to audit all that code.
Does Deepin have its own package sources? B/c if so, you also have you audit all of the third-party packages for trojans, too.
but not every OS collects and transfers user data to its vendor like the very good American MacOS and Windows do.
Thanks for the clarification. If they dont collect data that would be unproblematic. If they do, of course this is extremely problematic.