Chinese distro (OpenKylin) made to provide independence from western technologies releses its first stable version

BrenoMartins@lemmy.ml to Linux@lemmy.ml – 70 points –
OpenKylin 1.0: First Stable Release of an LFS Distro from China
news.itsfoss.com

OpenKylin is already starting to be implemented on government systems and private companies all around China.

Edit: This is what was written on the website.

50

You are viewing a single comment

The article is not very informative. No mentioning about package manager they use, no explanation if UKIP runs on wayland natively, etc. I guess i just have to try it myself.

Probably best to not ever touch a Chinese built OS, but just look at it from a distance. At least, for the foreseeable future.

Xenophobic fearmongering serves nobody.

Should we also avoid the Linux kernel, since it's Finnish, and Finland participates in the largest global surveillance apparatus with the USA? There's absolutely no reason to assume the distribution is any less secure or any more likely to be malicious simply due to it being developed in China or by Chinese.

Moreover, it's open-source. Use the same logic you should apply to open-source software before you accuse it of being malicious: look at the code and prove it.

That's fair.

Worked on by over 3,000 developers, 74 SIGs (special interest groups), and over 200 enterprises, openKylin has come a long way since its early releases.

74 SIGs (special interest groups), and over 200 enterprises

This is the only thing from the article that bothers me. My statement above was not meant to come across as xenophobic, but wary considering, historically, how involved China's government is with local tech companies and entities that would contribute to a project like this. Obviously, more data needs to be evaluated, but I think it's fair to be cautious.

My statement above was not meant to come across as xenophobic, but wary considering, historically, how involved China’s government is with local tech companies and entities that would contribute to a project like this.

This right here is where the problem is though. Simply being associated with the Chinese governement is not sufficient to assume malfeasance. Just as any of the large USA tech giants that take various forms of government funding aren't automatically assumed to be malicious simply by being associated with a "malicious" government. Hell, the Linux Foundation (Linus' employer) is almost entirely funded by really creepy USA-based tech companies that themselves receive government money for various projects or products. I don't assume baselessly that Linus would make the distribution insecure simply because he's funded by people who might want that.

Obviously, more data needs to be evaluated, but I think it’s fair to be cautious.

It is only fair to be exactly as cautious as you would be to run any other random Linux distribution: say, some random person's fork of Debian. Again, unless you have actual reason to treat it differently, doing so baselessly is rather lame and doesn't serve anyone. Of course it's fair to be catious of something as critical as an operating system; but viewing it through a biased lens doesn't make you more secure.

SIGs (special interest groups)

I'm not sure the precise definition for what counts as an SIG here, but it could mean something analagous to the Linux Foundation. It isn't necessarily suspicious. I think, from context, it's used in contrast to "enterprises"; that is, I take it to include any volunteer or not-for-profit contributions.