There is no such thing as "the responsible disclosure protocol". There's really no such thing as "responsible disclosure" at all, but "the responsible disclosure protocol" is a term I have literally never heard before. (I've been a vulnerability researcher since the mid-1990s, for what it's worth.)
https://en.wikipedia.org/wiki/Coordinated_vulnerability_disc...
> In computer security, coordinated vulnerability disclosure (CVD, sometimes known as responsible disclosure)
I guess you can learn something new after 36 years.
If you are referring to what you quoted, your pedantry and sharpshooting would result in an incomplete English sentence: "that's why we have the responsible disclosure" is missing a noun. Now that we are firmly in worthless pedantry:
Protocol (n):
1.a. a system of rules that explain the correct conduct and procedures to be followed in formal situations
1.b. a set of conventions governing the treatment and especially the formatting of data in an electronic communications system
If you don't like what I said or disagree, poke holes in factual inaccuracies. However, in the reality that I am pretty sure we all share, responsible disclosure is a well established protocol that is followed by many security researchers, and was imperfectly followed here.
I don't think you're going to bluff your way through this.
What rules were not followed here?
Tons of distros were not informed.