No subject

into and I guess the Sourceforge/Apache user just trusted their SSH
client.

> On a related note, is Debian's security.debian.org updated as quickly as 
> they claim (usually within 48 hours of a hole being discovered), or
> would reliance on using it frequently for updates just give one a nice warm
> fuzzy and, well, illusory sense of security about the programs one has
> installed. I know that security is not only about what one has
> installed and/or running, that just happens to be the angle I'm asking
> about here.