>> To me, the fix *was* released. Sure, no fancy installers were generated yet, but people who are susceptible to this issue 1) now know about it, and 2) have a way to patch their system *if needed*.
Sure. Because, among making a living, eating, sleeping, and occasionally getting laid, *I* have time to monitor 600 sources for security advisories for the 45MLoC on the 19 Linux boxes I'm informally responsible for, and patch them all instantly, running acceptance tests on each.
I didn't even have all that much time *when that was my job*.
This is the same half-assed argument as the one that says that "security by obscurity" is bad. It's not... it's just not *enough*. Same principle.
There is *no* good answer, incidentally, in case you were gonna bash your brains in looking for one; that's why we *call* them Bad Guys.