On Mon, Apr 14, 2025 at 12:20:34PM -0700, Michael Paoli wrote: > What systemd dependencies? :-)
Thanks for reminding us that Debian is (more or less) viable without systemd (I try to keep my daily driver that way, too). But the original poster has another, valid concern. I think the best illustration is given by that xz vulnerability [1] which was so elaborate that it was certainly introduced intentionally. The dependency of OpenSSH on the xz library was introduced in Debian (and RedHat and...) by linking to libsystemd things, to make the user's lives more comfortable (socket activation, what have you). So even without systemd, just with the Debian binary of the OpenSSH server (patched to work well with systemd), you'd have been exposed. Cheers [1] https://en.wikipedia.org/wiki/XZ_Utils_backdoor -- tomás
signature.asc
Description: PGP signature
