Additionally, Robert (GnuPG maintainer who wrote this Gist) has attacked another person who wrote a proof-of-concept filesystem on top of SKS that was intended to highlight how broken the design is.
I have not seen a single open source community that would treat full disclosure with such contempt.
At this point the SKS network continues to run exclusively on community goodwill. This attack seems to be specifically targeted at GnuPG maintainers; if an attacker were to deliberately try to break SKS, they would target someone like Linus Torvalds.
Alternatively, there are other published vulnerabilities with exploits that allow taking the whole SKS network down within half an hour, which were published more than a year ago. And yet, those have not been used, so far.
I wish they did, as I am hoping for an outcome similar to bitkeeper/git.
So what are the acceptable limits of this "full disclosure"?
With regards to any of the existing SKS exploits specifically: even if any of them were to undergo coordinated disclosure, it wouldn't have helped: trollwot has been available for 5 years, both keyserver-fs and sks-exploit -- for more than a year. Embargoes don't last that long. All three tools still work.
What the GnuPG Project effectively tries to do is to stop people from writing about any security problems, period, especially those that are hard to fix.
So then, as a mere user, I gotta ask how so much of the Linux ecosystem -- and indeed, so much of the open-source ecosystem -- came to depend on such a fragile thing as the SKS keyserver network. That's kinda mind-blowing.