I don't think it should be called a bug. Peter Todd (well-known Bitcoin developer), said[1]:
> [...]I'm a bit hesitant to bake in assumptions about malleability when we have no solid idea if ECC signatures are or are not malleable on a fundemental level; if "whack-a-mole" anti-malleability is all we've got it could be ugly if a break is found.
I understand this to mean, there may be unknown ways to transform signatures, like the s sign flip you quoted. In that case there would be no way to know which representation is "canonical." Thus, malleability is either a fundamental, fatal flaw in Bitcoin, or just something Bitcoin developers need to work around.
Now, it seems even the reference implementation isn't perfect about malleability, and perhaps people could have been better about making the issue known. So there is work to be done, but it is not a "bug" that can be "fixed", at least not without upgrading the entire network, and/or risking it popping up in the future when someone applies more ECDSA signature mutation tricks. The real solution, if you want to safely fingerprint transactions, is to make your own transaction hash that is immune to malleability, like [2].
> [...]I'm a bit hesitant to bake in assumptions about malleability when we have no solid idea if ECC signatures are or are not malleable on a fundemental level; if "whack-a-mole" anti-malleability is all we've got it could be ugly if a break is found.
I understand this to mean, there may be unknown ways to transform signatures, like the s sign flip you quoted. In that case there would be no way to know which representation is "canonical." Thus, malleability is either a fundamental, fatal flaw in Bitcoin, or just something Bitcoin developers need to work around.
Now, it seems even the reference implementation isn't perfect about malleability, and perhaps people could have been better about making the issue known. So there is work to be done, but it is not a "bug" that can be "fixed", at least not without upgrading the entire network, and/or risking it popping up in the future when someone applies more ECDSA signature mutation tricks. The real solution, if you want to safely fingerprint transactions, is to make your own transaction hash that is immune to malleability, like [2].
[1] http://sourceforge.net/mailarchive/message.php?msg_id=319546...
[2] https://github.com/sipa/bitcoin/commit/e7853a91cf646a6a47011...