
Even if transactions were not malleable, or if you use unchangeable signatures, you would still hit a race condition using them like Mt. Gox does.

The proper way to resend a transaction is to re-use an input which was used in the original transaction. It does not need to be all the same inputs, just at least one. This way it is not possible for the two transactions to both succeed. If the original transaction succeeds then the second will be rejected as a double spend.

In general, Mt. Gox's software appears to not be paying attention to little details about inputs. For a while now, if a miner sends the block find award to their Mt. Gox address, then Mt. Gox will use the inputs resulting from that block find before the inputs are valid. This causes any transaction with said input to be ignored. The proper solution is to wait the ~100 confirms before using the new BTC.

Note that this is a separate problem from the duplicated transactions. The point is: Mt. Gox is not tracking their bitcoin at the correct granularity. They appear to have written the software like we might use the Bitcoin RPC API, without paying close attention to the details.
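
Added example (not part of the comment above, and not Mt. Gox's or Bitcoin Core's code): a toy ledger showing why a resend that reuses one original input cannot confirm alongside the original, and how immature block-reward outputs are kept out of input selection. `Utxo`, `Ledger`, `build_resend`, `spendable` and the sample outpoints are constructed for illustration.

```python
from dataclasses import dataclass

COINBASE_MATURITY = 100  # confirmations before a block-reward output is spendable

@dataclass(frozen=True)
class Utxo:
    outpoint: str            # "txid:vout"; sample values here are constructed
    amount: int
    coinbase: bool = False
    confirmations: int = 0

def spendable(utxos):
    """Drop immature coinbase outputs so they are never picked as inputs."""
    return [u for u in utxos
            if not (u.coinbase and u.confirmations < COINBASE_MATURITY)]

def build_resend(original_inputs, wallet, amount):
    """Pick inputs for a replacement payment, always reusing one original input."""
    anchor = original_inputs[0]          # the shared input makes the two conflict
    chosen, total = [anchor], anchor.amount
    for u in spendable(wallet):
        if total >= amount:
            break
        if u not in chosen:
            chosen.append(u)
            total += u.amount
    if total < amount:
        raise ValueError("insufficient mature funds")
    return chosen

class Ledger:
    """Tracks spent outpoints; conflicts are by input, never by transaction id."""
    def __init__(self):
        self.spent = set()

    def accept(self, inputs):
        points = {u.outpoint for u in inputs}
        if points & self.spent:
            return False                 # double spend of an already-spent input
        self.spent |= points
        return True

def demo():
    a, b = Utxo("tx_a:0", 3), Utxo("tx_b:0", 4)
    c = Utxo("tx_c:0", 50, coinbase=True, confirmations=12)    # immature reward
    d = Utxo("tx_d:0", 50, coinbase=True, confirmations=150)   # mature reward
    original = [a, b]
    resend = build_resend(original, [c, d, a, b], 6)
    ledger = Ledger()
    return resend, ledger.accept(original), ledger.accept(resend)
```

Because the ledger keys on outpoints, the resend is rejected even if the original confirmed under a different transaction id than the one the sender recorded.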


