This is really concerning. How many other packages are distributed by openSUSE which do not match their policies and are not reviewed?
A Linux distribution is supposed to be more coherent and vetted than an app store. This... does not inspire confidence.
> The history of Deepin code reviews clearly shows that upstream is lacking security culture
As somebody that doesn't write code for a living (I manage infrastructure)... besides common sense, where would one start looking in order to learn "security culture"?
I'm a little surprised that they covered a work-around to install Deepin - I wouldn't expect a team with such a strong opinion to make a judgement call on whether or not to distribute the software but then go out of their way to document platform-specific steps to use it, rather than leaving that responsibility to Deepin.