I have some projects "used by Google" as a dependency. Can I now expect someone posting three threads here in a day using deceitful title if I'm not nice enough to you? Will my words now be misrepresented as "Google said [..]"?
You lied to whip up outrage so you can piss an open source maintainer in the face, seemingly just to get revenge? Well done. Good job. 10/10 contributing.
This is not a strong take, the "fix" doesn't completely fixes the vulnerability. Passwords or private keys are not the same as a user-provided crypto-seed without checksums. This is supposed to be critical PKI software.
It's about corruption and bit rot, not about seed length. This is a project of a ex-google employee, used in chromium, that google publicly endorses; that's definitely akin to a "google project".
