
Still, forking the code is good
Regarding SSL, FOSS software was too dependent on a single library, making it a meaty target, making it a de facto monopoly in OSS (especially given its scope). Given the post-heartbleed info, we have already seen something vaguely similar - Microsoft before the 'Trusted computing' initiative. Big chunks of code without systematic security review and with little care for secure code practice (discounting code they purchased from someone else). Microsoft, however, worked systematically on improvements, while FOSS was fast asleep on its laurels.
The sole fact that there are many eyeballs to look at the code does not mean that there are some experienced ones that are inclined to do just that (and that maintainers are capable of integrating the patch, given, for instance, lack of free time and other systematic inadequacies).
Creating featurewise roughly similar, competing libraries is good; we need some alternatives with similar breadth to at least partially offset this problem and distribute the risk. Frankly, this is only one chunk of the code base of a usual FOSS OS distribution. Wonder what other initiatives (hopefully not incidents) are necessary for other pieces of code usually found on a FOSS system...