I expect Project Zero will be monitoring carefully; for all their good intentions, this policy trial has the potential to go as badly wrong as the atop disclosure did, for everything they announce.
You can reasonably expect massive, worldwide scrutiny of anything P0 announces has a vulnerability in it without also disclosing the vulnerability, and this extra attention has the potential to overwhelm FOSS maintainers, even if they have fixed the vulnerability and are waiting for coordinated disclosure.
Maintainers always welcome genuine security reports, and especially love a working PoC. But they don't have time to deal with idiots, spammers, shysters and chancers who submit bullshit reports, or ask for hand-holding to submit what will turn out to be bullshit reports, and they definitely don't have time to engage in idle speculation. It wastes their time, and reduces the time they have to look at what could be genuine reports.
Imagine what would happen if Project Zero posted "you might want to stop running ffmpeg" with no further details. That's effectively what's being proposed. A million idiots descend upon the project with "Hey guys I heard Project Zero found a vulnerability in ffmpeg. How exciting! Is it this free(NULL)?"
There is nothing wrong with responsible and coordinated disclosures, even if vendors take liberties, and yes you should set an upper bound for disclosure. But if your policy is "I will disclose to the public that I found a bug in specific software, but not what the bug is", accept that you are likely to unleash chaos, especially if you are a well-regarded and trusted researcher.