
Got there in the end.
Honestly, I am reminded of the quote attributed to Churchill, speaking in his case of the Americans: "They will do the right thing in the end, but only after trying all the alternatives" (or words to that effect).
I'm glad that the Apache security team finally forced users to change the default key. But how frustrating that they shilly-shallyed for so long over it. Yes, yes, "don't want to break existing installs" and all that, but I think this is one of those cases where such breakage is definitely the lesser of two evils.