OpenKylin is already starting to be implemented on government systems and private companies all around China.

Edit: This is what was written on the website.

  • 133arc585@lemmy.ml
    link
    fedilink
    arrow-up
    12
    arrow-down
    3
    ·
    1 year ago

    Xenophobic fearmongering serves nobody.

    Should we also avoid the Linux kernel, since it’s Finnish, and Finland participates in the largest global surveillance apparatus with the USA? There’s absolutely no reason to assume the distribution is any less secure or any more likely to be malicious simply due to it being developed in China or by Chinese.

    Moreover, it’s open-source. Use the same logic you should apply to open-source software before you accuse it of being malicious: look at the code and prove it.

    • blackluster117@possumpat.io
      link
      fedilink
      English
      arrow-up
      2
      arrow-down
      1
      ·
      1 year ago

      That’s fair.

      Worked on by over 3,000 developers, 74 SIGs (special interest groups), and over 200 enterprises, openKylin has come a long way since its early releases.

      74 SIGs (special interest groups), and over 200 enterprises

      This is the only thing from the article that bothers me. My statement above was not meant to come across as xenophobic, but wary considering, historically, how involved China’s government is with local tech companies and entities that would contribute to a project like this. Obviously, more data needs to be evaluated, but I think it’s fair to be cautious.

      • 133arc585@lemmy.ml
        link
        fedilink
        English
        arrow-up
        7
        arrow-down
        2
        ·
        1 year ago

        My statement above was not meant to come across as xenophobic, but wary considering, historically, how involved China’s government is with local tech companies and entities that would contribute to a project like this.

        This right here is where the problem is though. Simply being associated with the Chinese governement is not sufficient to assume malfeasance. Just as any of the large USA tech giants that take various forms of government funding aren’t automatically assumed to be malicious simply by being associated with a “malicious” government. Hell, the Linux Foundation (Linus’ employer) is almost entirely funded by really creepy USA-based tech companies that themselves receive government money for various projects or products. I don’t assume baselessly that Linus would make the distribution insecure simply because he’s funded by people who might want that.

        Obviously, more data needs to be evaluated, but I think it’s fair to be cautious.

        It is only fair to be exactly as cautious as you would be to run any other random Linux distribution: say, some random person’s fork of Debian. Again, unless you have actual reason to treat it differently, doing so baselessly is rather lame and doesn’t serve anyone. Of course it’s fair to be catious of something as critical as an operating system; but viewing it through a biased lens doesn’t make you more secure.

        SIGs (special interest groups)

        I’m not sure the precise definition for what counts as an SIG here, but it could mean something analagous to the Linux Foundation. It isn’t necessarily suspicious. I think, from context, it’s used in contrast to “enterprises”; that is, I take it to include any volunteer or not-for-profit contributions.