Joe on Nostr: What you may be missing is that they develop on github and that activity is public. ...
What you may be missing is that they develop on github and that activity is public. The bad guys can already see security updates going in, pre-release. You seem to believe that if they don't release a security update on 4 July, that the bad guys won't know that there is an exploitation opportunity. They can already see the development work.
Now, if they had a larger team they could have a separate private git version for the really sensitive stuff, and a process for quickly pushing it into the public version for release. But until recently the core team was two people; now it's three. Perhaps this makes it a toy in your mind, but since the only alternatives are billionaire-owned surveillance/advertising systems I guess this is the best we are going to get.
Now, if they had a larger team they could have a separate private git version for the really sensitive stuff, and a process for quickly pushing it into the public version for release. But until recently the core team was two people; now it's three. Perhaps this makes it a toy in your mind, but since the only alternatives are billionaire-owned surveillance/advertising systems I guess this is the best we are going to get.