I've been around distros small and big for a long time now, and personally I've come to the conclusion that I will not do embargoes for things I have any say or choice in, and I will not join lists that enforce embargoes on my behalf. [I've had people try the "but we put you on the CC with such a list on the CC as well so you're also under the embargo", but I just laughed at the guy... that was just so sad it was funny]
The tradeoff of leaving a wide range of users vulnerable during the embargo does not, in my mind, extend to 2 weeks... If you as a distro can't get a mitigation out in 24 hours, with maybe a more complete fix in 72 hours, then frankly, fix your internal processes. That's not a reason to keep people vulnerable for a very long time.