@wdormann and this!

openssh does not directly use liblzma. However debian and several other
distributions patch openssh to support systemd notification, and libsystemd
does depend on lzma.

So the #shitsystemd #systemdsucks integration is all but minimal after all and it does ruin the security of unrelated security-relevant software.

Following #OpenSSH’s design criteria, the notification addition would have been added as a minimal thing that does only that and probably under privilegue separation. And not with #dbus either but with a separate filedescriptor or something. As some other notification-supporting inits do.