I don't get what you mean by this comment... We're referring to someone scanning their own network, checking for security holes, right?
Yes.
I'd expect the parsers in such security scanners would certainly learn to grok the Debian version. It'll lead to _more accurate_ security scanning.
It would. I'm just not sure that the security scanners will grok the version. Especially if they happen to be distributed by someone besides debian.
Either way, I don't see how this could be a security hole justifying any bug report higher than 'minor'.
It would justify more than minor, but in the security scanner --- not in ssh.
I'd just worry that existing network audits will be thrown off by changing the version. I _do_ think we should change the version when we release a security fix, though. Or when we make major changes (not sure if we do for ssh).