does this also apply to individual developers?
should Linux Torvalds or the ffmpeg developers go to jail if they merge a RCE zero-day into the Linux kernel or into ffmpeg?
if you cannot differentiate the 2, :insert rude thing here:
glad you are consistent in your beliefs