>The most recent "security advisory" was released despite the fact that the particular bug in the experimental HTTP/3 code is expected to be fixed as a normal bug as per the existing security policy, and all the developers, including me, agree on this.

>And, while the particular action isn't exactly very bad, the approach in general is quite problematic.