nostr:npub1wwch2y8ema6khz7yewg8rxlwqp4p7fpckc27c5vhm5n7pt0jy5ps2d8xnt Jake Gold @ Bluesky commented there about my first email to them.

He is accurate on the timing (received Friday, acknowledged Tuesday, separate discussion about documentation Wednesday), but he's being very misleading when he talks about the severity.  More specifically, my email had nothing whatsoever to do with the vulnerability I disclosed a few days ago -- my email was about a trivially abused DDoS that was fixed after being reported a month later -- see: https://github.com/bluesky-social/atproto/pull/1313