Notice that security holes fall into classes? One category of hole should be easy to eliminate from Debian by instituting a code auditing requirement. I'm referring to insecure creation of temporary files, allowing for symlink attacks. Now that we all know what this hole looks like, it should be simple to eliminate.
The other big source of common security holes, buffer overruns, is tougher to eliminate completely because they can be tough to spot. But there's no excuse now for anyone to put out another GNU/Linux distribution containing a program that creates temporary files insecurely. If I were Debian dictator (and I'm not even a debian developer, though I am what you guys call an "upstream developer" -- I'm on the GCC steering committee), I'd add a requirement that every package owner certify that he has checked the package s/he maintains for a list of common security problems, and that all problems found have been fixed. I call this "OpenBSD style" because they are the only folks currently doing this -- everyone else takes a reactive approach to security problems, not fixing them until someone posts a root exploit. We can do better.
