Non-disclosure of a consensus bug in btcd

Posted by roasbeef

Oct 3, 2024/20:00 UTC

The email describes a disagreement between the maintainers of btcd and two individuals, Niklas and AntoineP, over the timing of a security disclosure. At issue is how long to wait between shipping a patch for a vulnerability and disclosing it publicly. The btcd maintainers proposed a 6-month gap between the implementation of the patch and its public disclosure, citing the precedent of other full node implementations, which often wait well beyond a 6-month timeframe before disclosing critical issues; the Bitcoin Core security advisories referenced in the email are given as examples of such past disclosures. Niklas and AntoineP instead opted for earlier disclosure, declining the additional 3-month extension the btcd team requested. Disclosing only 3 months after patching, rather than the 6 months the btcd maintainers preferred, became the central point of contention, reflecting differing views on how to balance transparency against security when handling critical software vulnerabilities.
