Hacker News
by tptacek 3450 days ago
No, you're not the only one, but this is one of the oldest debates in computer security --- possibly the oldest debate --- and at least as many people as agree with you vigorously disagree and think that delaying information to conform with enterprise patch cycles does harm to organizations with strong security teams who can handle and respond to reports like this; those organizations tend to be the ones with the most users and the most sensitive data to protect.

While I sympathize far more with the full disclosure people than with the patch choreography people, I'm really only pointing this out to demonstrate that you're not going to resolve this debate in the HN comments about an Ansible vulnerability.