After a bit of tug-of-war common sense prevailed and RFC 8212
"External BGP (EBGP) Route Propagation Behavior without Policies"
was published: https://tools.ietf.org/html/rfc8212
This industry has a long history of improving default behavior: DEC MOP
is no longer enabled by default, telnet was swapped out in favor of SSH,
and SHA-1 is now deprecated, so I'm confident we can manage this one
TL;DR This mail offers advice on test scenarios to add to your
evaluation checklist and a call to action to ask your vendor to
implement RFC 8212. Please share this message with other communities.