distros @ openwall list before the advisory went public. There is no perfect solution here, and a lot of the current structure relies on good faith, but it's better than doing nothing.
And while there's a massive pile of patches here, it's not that massive of a hole - the primary risk is if you have users on your Linux/Unix box that you trust to run programs but not to have root on the box. This isn't a "anyone who can open a TCP connection to your box owns you now" sort of hole (at least not in any scenario we've thought of - unfortunately with lower-level library code, we don't know all the ways programs may be using it).
Kill X with fire and focus the same amount of effort in making Wayland a reality. How many man-years are wasted on patching up X, which is a technology dating back as long as most people here have been alive?
After the worst legacy stack (x) is replaced, maybe the community can get together and write a replacement for glibc, which is by this point the second most legacy&defect by design stack in use almost everywhere.
Running Debian Squeeze (oldstable) and they were available pretty quick.
@varikonniemi: Consider this comment (quoted without attribution in van Sprundel's presentation), and then consider that Wayland uses XKB, as do so many new projects:Shoot me now. And then shoot Daniels for not freeing us from XKB yet.
And then shoot anyone who volunteers to try to fix XKB, before it's too late for them too.
Wayland FAQ even acknowledges that X isn't going anywhere anytime soon ("Is wayland replacing the X server?")
It may be old technology, but it's technology that's used by everybody running a GUI on Linux, BSD or Solaris.
Somewhat of a lacking analogy, since gasoline cars can not be run on electricity just by "figuring out an e->g converter". X on wayland is working pretty well in this day and age. Imagine what it could have been already, if wayland actually had a team of dedicated developers opposed to a few talents making it happen?
It sounds like wayland needed the manpower of ubuntu. Am i entirely misinformed if i say there are less than 5 people working full-time on wayland? That is like what you find in a mediocre iOS game development team. And here we are talking about making the next-gen Linux display server. It sounds really pathetic, yet one has to admire the technology they come up with. It takes a frickin' long time, but at least it is done right.
Did you just compare X devs to fart app developers :P