>Though I am somewhat concerned about the following bit from the message:
> "Please understand that we cannot give away the used exploit to random
> people who we don't know. So please don't ask us about it."
> I'm afraid I'm part of the group that just doesn't understand. This
> snippet reeks of security through obscurity for me. If the
> hole has been
> identified and, presumably, fixed, why not tell people about it?
I agree. I support and recommend Debian to my peers and clients on the basis that Debian is a stable and secure distribution. Therefore when something (such as this) happens I want to have full disclosure so I can confidently deploy Debian on our network.