(In reply to moyanhao@deepin.com from comment #9) > > Would you please check them again? Or it is necessary to repackage with > > these patches first before you review them, I am not familiar with > > opensuse's package procedures, if so, please take the trouble to repackage > > it Yang. many thanks. I will take a look at the commits but in the end we also need a new package so I can perform some runtime tests. > Seems I missing the https://bugzilla.suse.com/show_bug.cgi?id=1134132 and > only seen this one, Apparently you cannot review deepin-file-manager without > fixes of 1134132, So just take this two emails as a process > notification���and I will let you know as soon as all the security issues you > pointed out has been fixed. True, this bug depends on the other one. Since you're from deepin, maybe you can also have a look at bug 1136026 and our statement there. We've invested quite some resources in reviewing deepin code but this seems to have no end. A different security culture needs to be established to make this work for both sides.