Hi, The openssh change is totally broken, because none of the clients people use work with "trusted X" and they could not reasonably be modified to do so, without an effort on the scale of SELinux or even larger. The fact that the X server even supports "trusted X" is probably total nonsense. So, anyone who claims that "trusted X" is more secure is basically making a "concrete blocks not connected to the Internet are secure" argument. Maybe people who only run xterms would find the new ssh default useful, but even they presumably like to cut and paste... I don't know why the default is something that we know is useless and doesn't work. Havoc
