> Puck was being malicious in releasing the information.
[citation needed]
> There's no favourable way of describing disclosing a vulnerability on social media because the maintainers didn't meet your 7 day deadline.
personally I'm grateful he didn't sit on a remote privexc vulnerability for 90days when he was confident it wasn't going to be fixed. I think you're conflating public disclosure (security though obscurity) with real harm, compromise due to the bug. If Puck found it, others who would gladly sell it for coin on the black market, would have found it.
[citation needed]
> There's no favourable way of describing disclosing a vulnerability on social media because the maintainers didn't meet your 7 day deadline.
personally I'm grateful he didn't sit on a remote privexc vulnerability for 90days when he was confident it wasn't going to be fixed. I think you're conflating public disclosure (security though obscurity) with real harm, compromise due to the bug. If Puck found it, others who would gladly sell it for coin on the black market, would have found it.