There are multiple ways to remove this 1-bit of freedom. One way is to make S even. Another way, now used by bitcoin-qt git, is to make s < order/2. The advantage of this way of removing the vs others freedom is that it also reduces the average signature size slightly. I now prefer the s < order/2 version of this just because it produces smaller signatures and the flip is even easier to implement than the even/odd version.
if you look at the current code in git master, it just subtracts order/2 when s > order/2 - pretty simple.
Flip is already being done when you deal with compressed public keys. All software that can process compressed public keys already knows how to do the flip (val = prime - val). It would be nice to be consistent here IMO.
FWIW when I used this method on S (if S is odd: S = prime -S) - the code produced signatures that are considered invalid by both my code (microecdsa) and OpenSSL. *puzzled* When I used the other way (if S > prime/2 : S -= prime/2) I ended up with the same result (invalid signatures). Any hints on what is going on?