They’ve come back up with advice to upgrade security on developers’ machines to prevent a recurrence. They give detailed instructions for developers to use 4096-bit keys and not to use DSA. They have promised to issue a detailed report. That will be interesting.
SJVN and others give good advice on keeping GNU/Linux systems clean.