This is a *security* issue, not a wishlist request. It is also reasonable for it to be fixed in a debian-specific manner. > At least if the user never encountered the real problem > then this would be not a bug at all. If a user *ever* encounters this as a problem, it is too late, because it will be a CERT advisory and not just a bug report anymore...