Hi Eric,
> Many other projects have been on the receiving end of this misperception, and it has in fact caused material harm to the community
Without getting in unnecessarily re-opening old wounds, if you have examples of what has caused material harm to the community, it can be interesting to share.
From experience with second-layers, as soon as you start to have many codebases affected by a vuln, it's another kind of dynamics so good to draw lessons.
> I don't know what precipitated this change, but props to you all for stepping up.
About the timing, among many factors, the bitcoin whitepaper assignment legal issue is hopefully less a concern now so some competent people have more time to handle that job of publicly disclosing security bugs. In addition, the bitcoin open-source landscape has more resources (for the best and worst) than 10 years ago. From sharing beers with Amir not so lately, it wasn't that +10 years ago. I know he was kicked-off from the original sec list, though I'm not sure the reasons are well-known.
Best,
Antoine