[pseudalopex]

> I don't see where he is threatening anybody?

The threat he relayed was more serious than the threat he made. But it is a threat when a person with influence suggests they may support a punishment.

> If you promise to store a key in a non-exportable format

There was no such promise. The people who wish Passkeys to replace passwords did not demand it yet even.

[jeroenhd]

> There was no such promise. The people who wish Passkeys to replace passwords did not demand it yet even.

The specification states otherwise: https://www.w3.org/TR/webauthn-2/

    A credential private key is the private key portion of a credential key pair. The credential private key is bound to a particular authenticator - its managing authenticator - and is expected to never be exposed to any other party, not even to the owner of the authenticator.