Thanks for this analysis, Ask, it's really interesting.
Is there any way to estimate how many clients had bad time because of pool servers not doing leap second correctly? My naive guess is it's about 1% of NTP Pool clients, or approximately 100,000 machines.
My math could easily be wrong though.. Here's how I got there. Clients frequently have 4 random pool servers configured (Linux defaults). So if they have 2 or more bad servers the consensus algorithm won't help and they may have bad time. 442 servers had bad time, roughly 10% of the pool. So there's a 10% * 10% = 1% chance of a client having at least 2 bad pool servers and therefore bad time. There's 5–15M clients using the NTP pool, so 1% of 10M is 100,000. Like I said, could easily be wrong, but that's what I wrote on my napkin here.