Misc, So we knew that OpenSSL had some problems, indicated by the fact that they were blissfully unaware that Valgrind gave warnings when compiling their code, from the Debian debacle. Then Heartbleed came along, and people knew how bad things really were, and then members of the OpenBSD got together and started working hard on cleaning up and auditing the OpenSSL codebase, which lead to some other people going through through the changes for indications as to what sort of vulnerabilities the original had. That eventually lead to this most recent round of vulnerabilities which professional courtesy dictated that the affected parties get enough time to patch their offerings before public disclosure, except for the OpenBSD team.
As a user I should probably just run snapshots to cut my window of vulnerability as much as possible, for the foreseeable future, as this problem's likely to get worse before it get's better, at the actual inclusion of LibreSSL in OpenBSD. Does this sound right, did I miss some important subtleties?
