Anyway, Debian had a reputation of being really difficult to install in the late 2000's. I probably got lucky with it. I started using it in 2011 (first time using linux and a computer illiterate just as today) and i went through it just the MS way, like "whatever, continue, continue".
As someone who loves the old designs (I've run Chicago95 for years now), the only thing stopping me from running CDE is it lacks first-class support from any distro I've used
I would uninstall the screensaver so fast if I saw a nag screen. Wtf it's a screensaver, what does it matter? I'll use a version that's 50 years old if I want to.
Because the dev gets a huge number of bug reports for bugs that were resolved 5 versions ago.
They actually asked debian to stop shipping the screensaver, because they were getting tired of saying "this is already fixed, debian is just not going to ship the fix for another year". Debian didn't want to stop, so the dev added the nag screen, because it was the only way to stop the flood of bug reports for things that were already fixed.
AFAIK, the xz vulnerability was designed for Debian based on its workaround fixing systemd service status detection. Even if it shipped to something like Arch, the malicious code wouldn’t load.
Regresshion impacted bookworm and trixie both. Buster was too old.
With the downside of me doing an apt update and seeing that openssh-server was on 1:9.2p1-2+deb12u3 and I had no idea at a glance if this included the fix or not (qualys's page states version 8.5p1-9.8p1 were vulnerable).
If you are running debian bookworm or trixie, you absolutely should update your openssh-server package.
The "install lib-blah-blah-blah" bit doesn't bother me 'cause whenever I need to make something work, I just copy and paste the "sudo apt install ..." commands straight from the internet :)