I’m all in for #1. That’s what we’ve been doing right? Y’all found a critical vulnerability before, and it didn’t fuck up the hard fork schedule, at least I don’t think so.
So if we go with option #1 as planned, and that vulnerability instead would had been discovered in 2021, there wouldn’t have been any scheduled soft forks to sneak the fix into. We would have needed to come up with a “community justification” for why a hard fork would be required, and hope there would be enough agreement for an upgrade. The RFC that proposed the fix was “enable faster sync”. Not sure that would have been a compelling enough of a use case for a hard fork on its own. And screaming “there’s a critical vulnerability!!” would have increased the likelihood of it being discovered and exploited before any fork.
Plus, we were due for a critical vulnerability, and we already found it, so we’re not due for another one of those in a long time, or maybe ever, hopefully never.
While I wish it worked this way, I’m not sure does.