martin f krafft <madduck@debian.org> writes: > > The logical conclusion from your arguments is that we should > > actually remove the ssh package from Debian! > > How so? If we shouldn't sign and check signatures because there are still ways of subverting one's ssh binary, then we shouldn't even distribute ssh binaries. Doesn't such distribution cause a false sense of security?