Yes, it is important, and an SSL fault
I thought the strength of FOSS was the "many eyes" looking at these issues; therefore, when one of those "many eyes" finds something, what does the FOSS community do?
They complain and argue against it, and attack the messenger. I thought the "model" of FOSS was supposed to promote and support testing and experimenting with the code?
Assume you have a large group of people working on breaking into a system, maybe something like the Chinese government. With huge resources, people "on the inside" and massive support and technical resources.
Now also consider the further development of this type of exploit (bug).
You can programmatically control your CPU and RAM voltages; you can also remotely control the CPU load, and probably even the internal cooling system, including the CPU fan.
So it's quite possible that future development and work on this bug would make it REMOTELY exploitable.
Also, with "inside" workers (say, a Chinese IT worker working in Google China, on a night watch).
Would be able to access the machine, and with the availability of supercomputers get the keys he wants. Maybe without detection.
A cluster of 81 P4s; what would a couple of fully configured quad-CPU, quad-core i7s and 4 Tesla cards do it in? Probably not that long, with a desktop supercomputer or two.
So this exploit/bug is critical, and it's not that big a step to refine it as a remote exploit; it might be as easy as watching the CPU load, and taking advantage of the expected known CPU temp.
Or varying the CPU and RAM voltages (as overclockers do all the time), making it a remote exploit. (Not to mention the 'insider job' possibility.)
It is a fault (bug) in OpenSSL; there should be NO WAY for fragments of the key to be released in clear text due to hardware operational issues.
It's about time FOSS started to take security more seriously, and ceased being so cavalier with the assumption that 'all is just dandy in FOSS'. It's not...