Bug 857573 - app-office/wps-office: potential spyware.
Summary: app-office/wps-office: potential spyware.
Status: UNCONFIRMED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Misc
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
Reported: 2022-07-11 09:20 UTC by Xuesong Yan
Modified: 2023-06-15 05:36 UTC
Description Xuesong Yan 2022-07-11 09:20:26 UTC
WPS Office should be removed from our main repository due to the rising security concerns.

There are reports that WPS office blocked locally stored files in some Chinese BBSes and websites. Upon contacting the company, the user lately reported the reason is the well-known censorship in China.

Well-behaved and trustworthy software must not modify/remove users' files without users' permission.

The original reports can be found in one of the following links (written in Chinese):

https://www.solidot.org/story?sid=72083

https://www.lkong.com/thread/3035107

Also, there are related discussions in the well-known Chinese Twitter 'Weibo', but these discussions might be blocked soon due to the censorship.

Reproducible: Didn't try
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-07-11 16:20:59 UTC
(In reply to Xuesong Yan from comment #0)
> WPS Office should be removed from our main repository due to the rising
> security concerns.
> 
> There are reports that WPS office blocked locally stored files in some
> Chinese BBSes and websites. Upon contacting the company, the user lately
> reported the reason is the well-known censorship in China. 

What does "blocked locally stored files" mean?

> Well-behaved and trustworthy software must not modify/remove users' files
> without users' permission.
>
> The original reports can be found in one of the following links (written in
> Chinese):
> 
> https://www.solidot.org/story?sid=72083
> 
> https://www.lkong.com/thread/3035107
> 
> Also, there are related discussions in the well-known Chinese Twitter
> 'Weibo', but these discussions might be blocked soon due to the censorship.
> 
> Reproducible: Didn't try
Comment 2 Xuesong Yan 2022-07-12 02:50:50 UTC
(In reply to John Helmert III from comment #1)
> (In reply to Xuesong Yan from comment #0)
> > WPS Office should be removed from our main repository due to the rising
> > security concerns.
> > 
> > There are reports that WPS office blocked locally stored files in some
> > Chinese BBSes and websites. Upon contacting the company, the user lately
> > reported the reason is the well-known censorship in China. 
> 
> What does "blocked locally stored files" mean?
> 
> > Well-behaved and trustworthy software must not modify/remove users' files
> > without users' permission.
> >
> > The original reports can be found in one of the following links (written in
> > Chinese):
> > 
> > https://www.solidot.org/story?sid=72083
> > 
> > https://www.lkong.com/thread/3035107
> > 
> > Also, there are related discussions in the well-known Chinese Twitter
> > 'Weibo', but these discussions might be blocked soon due to the censorship.
> > 
> > Reproducible: Didn't try

The user uses a Chinese word "锁定"; I have no idea how to translate it. He complained that he was not able to access the revised manuscript, and WPS Office warned him that the manuscript contains sensitive/porn/political information (in the context, the one saved on his own computer; he hadn't uploaded the file to WPS' cloud service). In addition, the user reported that the revised edition had disappeared from his own computer.
Comment 3 Toralf Förster gentoo-dev 2022-07-20 09:14:53 UTC
Maybe OT, but it affects this package:

From my tinderbox I'm unable to download that package due to permanent name resolving issues (https://github.com/NLnetLabs/unbound/issues/694).

It looks like blocked DNS requests from the network where my tinderbox is located.
Comment 4 Pacho Ramos gentoo-dev 2022-07-20 13:45:59 UTC
I would wait until we see any proof beyond some users' complaints in forums... For now I see that it is still being packaged in other distros like Arch, Slackware or FreeBSD without issues. I also remember when there were some "security" complaints when packaging Zoom some time ago... If you don't trust it, you can simply not install it... as many people don't buy Huawei stuff because of similar concerns and political issues.

But I am not going to apply a double standard because of it being Chinese software; that can be applied to any closed-source software (or even, in the past, applied to poorly audited open-source software), no matter whether it is Chinese, Russian... or from the USA or EU.
Comment 5 Xuesong Yan 2022-07-21 13:28:13 UTC
(In reply to Toralf Förster from comment #3)
> Maybe OT, but it affects this package:
>
> From my tinderbox I'm unable to download that package due to permanent name
> resolving issues (https://github.com/NLnetLabs/unbound/issues/694).
> 
> It looks like blocked DNS requests from the network where my tinderbox is
> located.

The domain jcloud-cdn.com has been blocked in China, but I am not sure whether it is a related issue.
Comment 6 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-06-15 05:36:20 UTC
Yeah, I'm not sure that we, as a distribution, should be removing packages based on the nation state the software comes from. Similar arguments could certainly be had around Google and Microsoft products which are packaged by Gentoo.