It isn't just this particular instance that is driving my comment (in which I acknowledge your reputation, and nobody else's, a small oversight in your reply). The driving force is more your showing up in threads, saying something either plainly obvious or, worse, absolutely confusing, and then expecting your reputation to carry your comment the rest of the way. Most of the time, the reasoning behind your comment is completely unclear. It isn't avoiding drama to elaborate, it's making your point clearer and not relying upon a name you've created for yourself in this community when the rationale behind your opinion is unclear to those of us without your ability. The other comment that annoyed me recently, and most front of mind, was this one about nginx[1]:
"This is a very bad bug, and you should fix it ASAP. Don't wait."
Two things here:
1. Thank you, Captain Obvious. What an enlightening comment.
2. What does "very bad" mean?
The actual situation related to that vulnerability was much more complex, and the threat fairly small. You, however, glossed right over that and skipped to basically informing the lay to panic, then got really snarky when people questioned you on the motivation. I don't believe that making the lay panic is the right way to achieve greater security, regardless of your credentials, and this is one of those cases where the reasoning behind your comment would have gone a long way.
Think about what a novice admin walks away from that comment with. Yes, he upgrades, awesome. That's exactly what we expect of administrators. There's something more sinister underlying your end result, though, which is that you've trained an administrator to act on what you and other security professionals say when it comes to security, without any explanation or reason. Security would be a much better place if people started gaining the ability to think for themselves and understand the issue, and you're working to reverse that. I see this crap with bcrypt, too. "Just use bcrypt." "Why?" "Because smart people said so." Now what if you fuck up? What if you give bad advice?[2] Half of this community is going to take you at face value, because you don't present supporting facts for your position to be debated openly. Because it's 'tiring'.
You are quite unmatched in the security arena with your technical prowess. There's no question of that. It's comments like these, however, that make me annoyed that you're using said reputation inappropriately, and any questioning you receive on the matter leads to single-sentence snark like the pointless gray comment in this thread. Before asking why I commented, consider your own comments and the different standard you hold your own commentary to in this forum.
[1]: http://news.ycombinator.com/item?id=3709269
[2]: I fully expect a snarky reply to this hypothetical, so make it good.