[dismalaf]

The entire thesis behind the open source security model is to have lots of eyes on the code/program, since more eyes = more likelihood of catching it. Even if you say it's accidental, let's say the odds of catching it are 0.00001. Repeat that enough times and you get 1.

It was caught before any distro released with it. The system worked.

[dralley]

If one of the Debian or Fedora developers had immediately caught on to what they were looking at when their attention was drawn to it by the failures, I would say the system worked. It's certainly true that open source saved the day here, but that's maybe different from saying "the system" worked. It easily could have gone unnoticed, or been noticed a few weeks later.

[dismalaf]

It could have also been noticed earlier. Maybe it was luck it was detected so late?