Several programmers should have to look over code before it gets put in any official release. The error was ridiculous. You can't just comment out code because it causes you problems, least of all when it's part of an important security module. I smell sabotage.
On the bright side, the problem had been fixed by the time the press got a hold of it, which is pretty good. I suppose I should boot into Ubuntu and update now.
Sheep Rustlers in the sky! <S> Slapt | <S> FUI | Air Warrior II/III
Yup, this is a serious black eye for the Debian team, which (until now) had a pretty good track record on security issues.
We found and replaced a couple of "bad" keys on a Debian server we recently set up where I work. Fortunately, none of the affected services were exposed outside our workgroup before the flaw was discovered, so we should be in the clear.