Comment 2 for bug 707098

"Opinion" isn't the right status here.

Alan, firstly (and tangentially, I suppose), the openssh update was a normal update, not a security update. That aside, we didn't change the "oom" line in that update, only the "expect" and "exec" lines. Here's the full diff:

  http://launchpadlibrarian.net/61846798/openssh_1%3A5.3p1-3ubuntu4_1%3A5.3p1-3ubuntu5.diff.gz

So I think what happened here is that you got dpkg's conffile prompt, and answered "install the package maintainer's version" without correctly resolving the local change that was present on your system (i.e. commenting out the "oom" line).

dpkg conffile prompts have never been particularly elegant, and at some point I think we would like to add a more convenient three-way merge facility to them (some prompts already have this due to ucf, but the package has to arrange for this manually and it makes things more complicated). This isn't really a bug in the openssh package, though.

As for the oom breakage in general, newer upstream versions of openssh do this rather more gracefully without requiring special hacks for particular container systems, so I think once you move your VM to Ubuntu 10.10 (or 12.04 LTS) or newer, this should no longer be a problem.