All due respect, but, did you read the rest of the mailing list, or, for that matter, my original comment? He didn't clear the change; he said it was fine for debugging, before other OpenSSL people corrected him.
There's no "problem" to fix here. Really! The problem is that Debian made an elective style-guide patch to OpenSSL based solely on Valgrind output. The "fix" to the problem is to back the patch out and make sure everyone's system is updated.
The only underlying issue that needs to be fixed here is for Debian to never, ever independently modify OpenSSL (or any other crypto code) again. I think that's reasonable at this point. This is one of the worst crypto vulnerabilities I've ever seen, far worse than when OpenSSL and NSS broke RSA.