Nostr reply spam and DDoS are very different. I think of the former as a gray hat disclosing a security vulnerability in the open, forcing devs to patch. The latter helps no one since it only eats resources. DDoS can't be outsmarted, reply spam can and should be.
Discussion
like Mark Hamill says: go force yourself
Are you sure that „patch“ improves the product?
Probably will, yes. If the problem must surface sooner or later, why not fix it sooner?
because the guys who do the actual work and know the system decided that their time is used best for other tasks.
Every system is flawed. If everyone starts forcing the issues that they want to be fixed while there is not shortage of work to be done, we end up in a shitty situation with every problem increased to its maximum.
It is not like that duck found and published an exploit. He made what is common knowledge more annoying.
To be fair there's never a shortage of work to be done. And you're right, they didn't disclose a vulnerability but my point is that the role of gray hats typically is to emphasize known issues exactly because they are known but remain unfixed. I hold the position that shitty situations create better systems or fast-track the inevitable failure of bad systems. Dev time is truly lost on projects that are doomed to fail but do so slowly.
for this to work the gray hat has to have a better understanding of the situation than the devs.