I suppose if there's ever a super critical vulnerability that could dramatically affect people, we can talk about any other actions then.The only action that makes sense is for someone to make sure that the package in question is rebuilt right away for any platform that has built the previous version.
That's what I've been doing, when the need arises. If / when there's a pullup for git-base, I'll do that.
However, I think it's never ok to go deleting things because someone things the vuln is super scary and that therefore they are deciding on behalf of others than non-functional is better. That would be like audit-packages removing packages from people's machines, if they have a vulnerability entry.
Oh - I'd never presume to delete anyone else's and would leave that to others (builders, core, whomever).
John