Project Zero (and infosec professionals, at least all of the ones I've ever worked with) would tell you that this was the most irresponsible way to handle the issue, short of not saying anything and selling knowledge of the exploit to someone other than the vendor who could fix it. Publicizing something like this in this way is something people do because they want publicity for themselves. It is not something someone does if their biggest concern is for the users who might be affected by it. It is something someone would do if they didn't care about the users, and just wanted public credit for pointing it out.
Furthermore, that deadline is 7 days if they are aware of active exploitation.
DJB is famous for his full disclosure with no advanced warning stance.
The rest of your post is false. That is your opinion, and people disagree. I'm going to guess you have not personally spoken with folks from project zero. I have spoken with some of them. And trust me, they would not agree with your statement. A few of them even feel strongly that their timelines are far too generous. I also understand their reasoning, and it has nothing to do with ego or publicity, and everything to do with concern for users.
They do not give a shit about credit beyond believing that it is proper to cite the authors of any work. That isn't the case for everyone finding bugs, but people on that team lost the novelty of having their name on bug reports long ago.
