I'm sure this has been brought up before, but I think HN should have a special tab where submissions like this get pinned--Important stores where people need to take action on stuff concerning security holes or political events (e.g. Net neutrality).
People in such responsible positions are on respective announcement mailing lists anyway, and read about those events (and patch their system and/or take other measures) long before the story is upvoted on HN.
For example, every administrator of Debian systems is expected to be subscribed to the "debian-security-announce" mailing list.
Also, everyone who is interested or active in German net politics is subscribed to the "netzpolitik.org" RSS feed, or visits that site regularily.
Waiting until such a story hits HN and reyling on that seems highly dubious to be. As soon as any important story hits social media (such as Twitter, Reddit or HN), all important measures have already been finished. HN is really the end stage here, not the beginning. It is the reaction, not the initiative.
In short: Use the real network and connect directly to the relevant groups. Don't rely on aggregation networks.
(BTW, isn't is almost comical that the latter, rather than the former, are called "social" networks?)
You're right theoretically but I've seen numerous people on important FOSS and closed-source projects positions actually start addressing a problem after it has "gone viral" on HN.
Don't overestimate people; most devs and managers would look the other way if not much internet attention is given to their security issue. If they notice a report on HN they kind of panic and go in damage control mode, and then maybe actually fix the issue itself as well.
Being vocal on a popular and respected forum as HN is important for important issues to get much-needed attention.
Please note: I don't like that this is the truth but alas, I guess this is how Homo Sapiens works: it's not important if you know you screwed up; you can bullsh*t yourself to oblivion and delude your conscience but once many people know about your screw-up, then you suddenly care.
Given the hands-off approach, the PR concerns, and the fact that they have a healthy community of tech-minded people on here from which to recruit from, I find it unlikely that they would do anything perceived as too alienating to anyone.
There's been tons of suggestions about site improvements (much smaller ones, mind you) that have never gained any attention.
Such vulnerabolities would usually only impact a portion of users; and I hope these affected people have more reliable ways to keep up-to-date with vulnerabilities than HN...
