for this to get "noticed"?
so much for open standards and open source software... 'its safe. you can look at the code yourself"... it took two and a half fucking years for someone to do just that.. and just to find an easter egg, not an embedded and obscured vulnerability.
No, it didn't take 2.5 years to get noticed. Look at the comments on the final commit, it was noticed and commented on by another team member the same day it went in. https://github.com/http2/http2...
The public didn't notice, but I'm sure many people involved in the project did... the commit wasn't in any way obscured. It just wasn't interesting enough for anyone else to notice.