2 - The allegation is the blockstream core devs were behind the malicious attacks against the BU nodes this afternoon. There is also no question that Peter Todd (a blockstream core dev) did not responsibly disclose the bug that he was made aware of in the BU code.
This is not true. The bug was discovered and patched by BU devs first. Todd simply tweeted about it.
It still violates responsible disclosure principals and was very unethical.
No it doesn't because nothing was disclosed that wasn't already public. The BU devs committed a fix for that bug an hour before Todd decided to tweet about it. It was public info!
A bug/exploit by definition is public information. The fix was not yet implemented and therefore pointing to the exploit very publicly and drawing attention to the exploit was unethical.
If Peter Todd worked for any half reputable company, he would have been fired for doing this.