That is just being pedantic. Why did they absolutely need to release this into the wild now? Why couldn’t they have waited?
“30 days should be enough time” why? Why is 30 days a magic number? Especially in open source.
Yeah it isn’t the researchers problem to tell every distributor of the kernel about the fix or verify that everyone has the fix, but fuck maybe wait until at least someone has the fix and maybe don’t drop it on a Friday. That is just malicious
They didn’t release anything into the wild. It existed. The irresponsible thing would be letting it keep existing without telling anyone.
You cannot deny that telling the entire world about this vulnerability before it is patched won't cause a lot of abuse that would not have happened otherwise.
I do deny that, mostly because we’ve entered the time of automated vulnerability detection and abuse. A human need not be in the loop at all anymore.
But, even if I agreed with you, how do you propose they tell the patchers this that doesn’t tell the whole world?
Why not?
What number of days do you want? If nobody tells the distros it could be months or years, and while it would be nice for the researchers to monitor/notify distros it's really not their job. They might not have thought of it.
And they dropped it on a Wednesday.