I agree with your conclusion that we shouldn't make a public statement trying to capitalise on this, but:

Russ Allbery writes ("Re: should debian comment about the recent 'ransomware' malware."):
> This is not a case where Microsoft did something clearly wrong, or even
> differently than we would have done, or where free software would have
> helped significantly.

I can't let this slide. If these systems were running Debian, big organisations like the British government could hire people to provide security support for their users, even for versions which we no longer support. When the obsolete operating system is Windows, they can only hire Microsoft, who can set the price at whatever they think the market will bear.

As it happens this particular vulnerability was indeed fixed by Microsoft, and that the UK NHS suffered so much is because of government and management failures[1]. But in general, users who for any reason are stuck on very old systems are in a much better position if those systems are free software.

Also, Debian's engineering approaches mean it's easier to support obsolete environments, eg via chroots and/or mixed systems and/or selective backporting.

Ian.

[1] The NHS has been seriously underfunded and can't afford to hire enough good IT people (or indeed enough medics); and there has been a drive to replace IT systems with massive centralised IT disaster projects, which has starved existing systems of attention and resources.