Re: Some OSS development introspection needed
The difference is in who does the linking, and why. Libraries linked by the sshd developers are audited by them to ensure they're compliant with requirements. libsystemd was linked by people who wanted to tie sshd into a gigantic, sprawling mess of an "init" for the convenience of notifications.
It's all good and well saying that the attack could have come at any point, but the fact is that this vulnerability was introduced by the long arm of systemd reaching into sshd's internals, where it had absolutely no place being. THAT is the problem. THAT is the thing that people have been warning about.