> No, you're in more pain, but other defenders with different postures benefit from having faster and fuller disclosure.

Good for them. But just because some folks cannot afford 24/7 response teams and on-call personnel that doesn't make them or their systems any less important.

Lots of non-profits and academic institutions had to scramble because of the Linux kernel team's position of non-communication to distros.

Mind explaining how sitting on it a month after the patch landed is 'faster'? To my mind, that's a month where attackers could analyze commit logs, but maintainers are not acting with urgency to ship fixes.