Ultimately, the btcd maintainers shipped vulnerable software.
The idea that discovery comes with a moral responsibility to cooperate with the maintainer is flawed. People need to understand that discoverers don’t owe maintainers (or users or anybody) anything. Not a timeline, not a specific method of disclosure, and not a specific audience. And particularly not that they spend their time having a debate about any of these.