Is their policy more than 90 days? Yes? Fuck 'em; post everything everywhere.
Great, then they should start pushing OS security patches out to devices instead of handing them to manufacturers and carriers and washing their hands of them.
Coincidentally, that's one of the reasons why being denied use of Android is such an obstacle for Huawei, even though it's "open source".
Project Zero has done some great things and improved a lot of security, but this feels like a spiteful slap at a competitor. It's not Google is really vulnerable to the same kind of thing, they've long since shown that the security of older versions of their only real public OS is not their concern.
No I didn't; I said everything and I meant everything. If anything, 90 days is overly generous to Google. If they can't get their shit together in three bloody months, fuck them. Of course, this is Google, so fuck them regardless, but this way you have obvious moral high ground.