This has been pretty publicly beaten to death but I just thought I would throw my thoughts in on the whole Debian SSL key issue. This is crazy. How does this not get noticed for as long as it has been out (any keys generated between 09/06 and 05/08)? Which makes me wonder how many people already knew about this and were using it without the community at large being aware of the problem?
I hate to be the one to ask but is this caused by open source testing? Are people more forgiving of faults in Linux so they over look glaring defects? There doesn’t seem to be as much animosity as there would be if this were an issue in Windows. Maybe I am just more questioning now that I am running a macbook and every where I go mac folks are blaming everything but the macbook. “It isn’t your mac, it is that you want to run encryption. Just don’t use encryption.” Hello? McFly?