[hxelk1]

This isn't about systemd. OpenSSH is one of the most (if not the most) security-critical program in the distribution. Many systems run with just ssh enabled. That's why you don't mess with it.

Which library pulled the vulnerability in is mostly irrelevant.

[b112]

When the init system won't reliably start openssh, and insists the only fix is to patch, then blame the horrible init system.

And that was what happened with systemd.

[amaranth]

sd_notify is for additional (useful) functionality, it would work fine without it. You can tell because it works on arch.

[b112]

You'd think it woukd work fine, after all, init systems for half a century have worked fine without it.

But no. Newer versions of systemd have issues, and this was what systemd pushed. Just why do you think all these distros had the sane patch? For fun?

Arch would have ended up with it eventually. It wasn't Arch being prescient, Arch wasn't using the same systend version as Debian Unstable, and other distros bleeding edge branches.