
Why on Earth are people downvoting you? This is an absolute dealbreaker for any messaging app, much less one whose raison d'etre is privacy and secure messaging.



Probably because the common mindset here is that anyone can make a mistake, and that the person who did it learned their lesson and will never do it again.


And to verify, the "mistake" is seeming to not actually care that this was a serious bug for 7 months (cough while they launched MobileCoin)? That is an attitude issue--and one endemic to Signal (which, most charitably, simply doesn't have the resources to sufficiently care sometimes)--not a "mistake" I expect to be easily rectified.

(And as I mention on a nearby post: you don't have to fix it to widely disclose it; like, you don't work in the dark to fix an issue like this for seven months as, even if it were your "top priority": you quickly time box it and then disclose the issue so people can mitigate their exposure or help better crowdsource finding the information you need to fix the issue.)


It also sounded like a very difficult bug to track down, even as a top priority. Requiring a combination of certain settings plus a rare database ID intersection.

Combining that with not logging user behaviour heavily for privacy's sake makes this a very tough one to replicate.

All of which was addressed in the bug report.

The realities of software development on a large scale with a privacy focus are sometimes hard to grasp. Although I do admit 7 months for a production release is quite a long time, even factoring in the pandemic and mobile app Play Store release cycles.


So, did they disclose the issue? Were people using Signal warned somewhere that this was a known issue that they were hunting down? (I am guessing not as no one here has been like "oh yeah: everyone using Signal knew to be careful with this feature".) It being a difficult bug to fix doesn't mean that's your only recourse for something this serious.


Does any app push bug report notifications to users? Should Microsoft Windows or Google Chrome warn users every time there’s a bug that can compromise their whole system just by visiting a certain website or downloading random pieces of software only a tiny subset of users will ever be exposed to?

I get the motivation with a security/privacy critical app like Signal but this would also be a UX and customer support nightmare that IRL could grind a project to a halt.

Not to mention expecting users to know how to balance the risks of said bugs vs not using the app at all because they were scared off it. Back to using far less secure options.

I think having public forums to report and track the bugs for more advanced users is probably the right balance.

The better solution is internal fixes and triaging the serious bugs appropriately so they get the attention they need. Instead of just offloading highly technical information barrages to average users.

Temporarily blocking features until a patch is released is something that could make sense. But again only in certain circumstances. You can turn off photo sharing here but other cases it’s not so straight forward without crippling the entire app for a rare bug. It’s a difficult balancing act without a uniform solution.


Usually when there are serious bugs in Windows, these get notified.

Latest example: https://msrc.microsoft.com/update-guide/vulnerability/CVE-20...

Released Jul 1, 2021

Workarounds:

Option 1 - Disable the Print Spooler service

Option 2 - Disable inbound remote printing through Group Policy
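An added example (not from this thread or from Microsoft's advisory) that audits whether either of the two listed workarounds is in effect on a host, and applies them with -Apply. It assumes an elevated PowerShell session on Windows; the policy registry value is the one written by the "Allow Print Spooler to accept client connections" Group Policy, which I take to be the policy the advisory's Option 2 refers to.

```powershell
# Added example, not the thread's or Microsoft's own code.
# Reports the state of both workarounds; -Apply enforces them.
param([switch]$Apply)

$spooler    = Get-Service -Name Spooler -ErrorAction Stop
$policyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers'
$policyName = 'RegisterSpoolerRemoteRpcEndPoint'   # 2 = do not accept client connections

# Read the policy value if the key exists; $null means "not configured".
$remote = (Get-ItemProperty -Path $policyPath -Name $policyName `
            -ErrorAction SilentlyContinue).$policyName

[pscustomobject]@{
    SpoolerStatus     = $spooler.Status
    SpoolerStartType  = $spooler.StartType
    Option1_Disabled  = ($spooler.Status -eq 'Stopped' -and $spooler.StartType -eq 'Disabled')
    Option2_NoInbound = ($remote -eq 2)
} | Format-List

if ($Apply) {
    # Option 1: stop the service and prevent it from starting again.
    Stop-Service -Name Spooler -Force
    Set-Service  -Name Spooler -StartupType Disabled

    # Option 2: policy equivalent of disabling inbound remote printing.
    if (-not (Test-Path $policyPath)) { New-Item -Path $policyPath -Force | Out-Null }
    Set-ItemProperty -Path $policyPath -Name $policyName -Value 2 -Type DWord
}
```

Run it without -Apply first on a print server: Option 1 also stops local printing, so the audit output tells you which workaround is tolerable on that host.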


Let’s be honest, if Telegram or WhatsApp made that mistake, all of that mindset would beat it to death and then jump on its corpse for three days straight.


And bring it up in every conversation even slightly tangential to either of them =)


So which app would you recommend?


Matrix.


This isn't a valid argument.


Yeah you see that question mark at the end of the sentence? It's a question.



