I mean, if you look at the Notepad++ website this developer seems just as concerned with spamming political messaging all over everything as he is with writing the software he's distributing. It's pretty crazy he apparently didn't think to take more basic precautions given he is basically permatrolling Russia and China with his messaging. Big brain moment for him. And meanwhile, after reading that disclosure nonsense none of us even know what's going on - like, should we be formatting machines that were affected during that timeframe? Was the attack targeted and specific only? Who the fuck knows!
I definitely am not upset at the commenter I replied to, and while I'm definitely upset at the maker of Notepad++ I don't think he qualifies as some random person on the internet. If you publish software that security-conscious people use (and certainly Notepad++ is used by tech-savvy, security-conscious people) then you, really by definition, aren't some random person - that's kinda the whole point. Security-conscious and tech-savvy people tend not to install things from random people on the internet.
Notepad++ was a trusted website/trusted developer, and they got caught with their pants down doing some truly dumb and lazy shit, and then they published a blog post that doesn't explain much of anything. So yeah, that's pretty infuriating my friend.