First, I detest the excuse "some one is worse - or at least you cannot prove it is not, therefore we are actually quite good!"
Then, I call bullshit. Closed source do get "CVE'd" and the companies can be held liable. Foss developers cannot be sued (and get as much money as from G/M/A/...).

But do continue with the same attitude. After next exploit, and 10 more later, just say "yes, someone out there is worse, especially now as we have fixed ALL known vulnerabilities". Although the new version out next month will probably introduce more new holes than what were fixed.

I knew this excuse would used again and again, long before Heartbleed. I complained loudly (see my history) for your though to be fatally flawed.
The problem is, that this kind of thinking generates more holes than fixes.

But then, I think you were sarcastic and the moderators missed it.

You are a dangerous idiot. Quite ofthen the speed limit is not to protect you, but others. Quite often the (low) speed limit is due to "addition risk", a risk that might be difficult or impossible for the driver to see. Which you have decided to neglect, because you think you are a "better driver". Hint: your reaction time is most likely not significantly smaller than others.

No, that is not what they are after. They want you to pay for the information.
So that you would not get it freely from "illegal" or "gray" (hard to say whether illegal or not) sites.
So that if you do, they can send you the "600€ or face prosecution" -letter.

"taxi driver is thinking"

This is exactly my point. And you missed it.

If I have understood correctly, in (someparts of?) USA, if you drive the getaway car in a bank robbery and someone dies, you will be charged (and probably convicted) of murder. Although, in a way, what you did is nothing more than what a taxi driver does. Right?

Get real!

I have, and never will, understand the Coke-phenomenon.
To me all colas are "too strong", they kill the taste food - so they cannot be drank with food. But still people do. For thirst - no, again, too much sugar or other sweeteners, it does not take the thirst away. But still people do.

By far the best drink is tap water, for thirst and with most foods (unless you fancy a nice beer or wine, but that is different story entirely).

Apparently there are even cola-connoisseur like you (not that there's anything wrong about it).

Don't get me wrong, I occasionally do drink a soft drink, but that is mostly to get some sugar into blood stream.

Newspapers have editors who can be kept responsible for the content in the newspaper, search engines do not.
Then EU does have "government", "police", "judicial system" and "newspapers" as separate entities unaffectable by others (government cannot directly control police, judicial system or newspapers, neither can police control any of the other entities, and so on).

We should not stop bashing OpenSSL, ever (although I do admit it is "product of the community").
Just to remind people that this kind of development is not acceptable, not "even" in FOSS world.

The allocator was never "100% necessary". It might have been advantageous in some systems, but in vast majority of systems it have never been more than a hassle. Then when they made the OpenSSL unworkable without their allocator - or rather without the undocumented behaviour their allocator happened to have, they should have removed it immediately. But no, they were macho, they thought "we know better".

I do not believe you. If this were an isolated case, then you'd be right. But no, this kind of "oops, well now it is fixed" things happens all the time, over and over again. The culture of the programming never improves due to the error - no matter how simple, no matter that it should have been noticed earlier, no matter what.

I am willing to bet that after next hole the excuses will be same "it was simple, now it is fixed, should up" and "why don't you make better, shut up" or just "you don't understand, shut up". And still the cowboy-coding continues.

This was caused partially by unchecked parameter (this should have never happened, there is no excuse for it), partially because the idiots used their own allocator which created the covert channel and prohibited the use of malloc-debug libraries. Libraries which would have found the error - again this should not have happened.

But then, maybe I just should shut up ...

You forgot NIH. OpenSSL used its own allocator, the most positive thing I can say about that is "totally idiotic". AFAIK nobody is removing it ...

Furthermore, C is insufficient language for a security software (C++ when properly used barely acceptable, managed languages much better).

"less clear"?

Less clear my ass! I'd say there is no leadership in the project, unless "FUD" (fear of it breaking something) is called "leadership". But then as you say, "nobody cares".
If the code is as you describe, the whole shebang should be rewritten from scratch using higher level managed language. Any managed language would have prevented the information leak although probably not the unchecked value.

I challenge anybody to review it and find (or notice) the bug.
My point, once again, is: C should not be used for security sensitive programs, we should start using managed languages.
I know, won't happen, because people are lazy and won't learn. Yet again we will think that this fix solves everything, that now OpenSSL is fixed. Which it most likely is not; I would be really surprised if there are no holes KNOWN (to some russian, chinese, israeli, usa, ... agency, or mafia).

Are you saying I do not have the right to say "Eich must be fired" or "please support my view" or "I will use another browser"?
Any of those or all together or where is the line?
AFAIK nobody has threatened him or other people, have they?

Note: I personally have no opinion whether Eich should step down or not.