Huge fan of LineageOS, but this isn't a great comparison. While Google probably found out about Krack earlier than the Lineage team. They aren't going to break their normal monthly security release schedule for it.
The vulnerability wasn't released as soon as it was found, it was released upon a certain date, and looks like Google is releasing multiple patches a month anyway:
https://source.android.com/security/bulletin/
How is Lineage OS a "fledgeling" project since it has original roots going back more than 8 years? While Lineage OS does not work on all "Android" devices, it does still support a wide range of them.
The only difference I see, is that LineageOS users are safe now (or when next built is compiled). Android users will have to wait for months, if they'll get an update at all.
so, who will be hurt if Google releases this time a non monthly security update? E.g. I don't see any sysadmin related tasks to this. Look e.g. on a big competitor: Apple is releasing whenever there is something new/important. Why cannot Google go the same way. What's so wrong when there is a October 17th security update?
I mean... it takes anyway a couple of months until many vendors will implement the upcoming November patch.