Perhaps others will find this as interesting as I did:
http://www.eweek.com/security/linux-kernel-developer-criticizes-intel-for-meltdown-spectre-response
I wonder why Intel excluded Debian from the early information? Google searching does not reveal why Intel would do that to Debian.
They only gave information to selected companies at first, not community-driven projects, no matter their size or importance. They should have asked some of the many kernel-devs they employ how to handle this.