OpenKylin is already starting to be implemented on government systems and private companies all around China.
Edit: This is what was written on the website.
OpenKylin is already starting to be implemented on government systems and private companies all around China.
Edit: This is what was written on the website.
Probably best to not ever touch a Chinese built OS, but just look at it from a distance. At least, for the foreseeable future.
Xenophobic fearmongering serves nobody.
Should we also avoid the Linux kernel, since it’s Finnish, and Finland participates in the largest global surveillance apparatus with the USA? There’s absolutely no reason to assume the distribution is any less secure or any more likely to be malicious simply due to it being developed in China or by Chinese.
Moreover, it’s open-source. Use the same logic you should apply to open-source software before you accuse it of being malicious: look at the code and prove it.
That’s fair.
This is the only thing from the article that bothers me. My statement above was not meant to come across as xenophobic, but wary considering, historically, how involved China’s government is with local tech companies and entities that would contribute to a project like this. Obviously, more data needs to be evaluated, but I think it’s fair to be cautious.
This right here is where the problem is though. Simply being associated with the Chinese governement is not sufficient to assume malfeasance. Just as any of the large USA tech giants that take various forms of government funding aren’t automatically assumed to be malicious simply by being associated with a “malicious” government. Hell, the Linux Foundation (Linus’ employer) is almost entirely funded by really creepy USA-based tech companies that themselves receive government money for various projects or products. I don’t assume baselessly that Linus would make the distribution insecure simply because he’s funded by people who might want that.
It is only fair to be exactly as cautious as you would be to run any other random Linux distribution: say, some random person’s fork of Debian. Again, unless you have actual reason to treat it differently, doing so baselessly is rather lame and doesn’t serve anyone. Of course it’s fair to be catious of something as critical as an operating system; but viewing it through a biased lens doesn’t make you more secure.
I’m not sure the precise definition for what counts as an SIG here, but it could mean something analagous to the Linux Foundation. It isn’t necessarily suspicious. I think, from context, it’s used in contrast to “enterprises”; that is, I take it to include any volunteer or not-for-profit contributions.