Yeah and I agree that in principle we should be trying to move to cryptosystems which aren’t known to be broken by quantum algorithms. I just don’t think the argument in the article is sound. There are costs, including actual security risks, inherent to switching. To name a couple:

1. There will be implementation errors any time a new cryptosystem is implemented; this is practically inevitable especially if you are trying to rush the process through in 3 years.
2. Quantum-unbroken systems are slower and require bigger keys than elliptic curve systems. Users will be inconvenienced by the resulting performance hit, which will both impede adoption of cryptography in general, and tempt implementors into using incorrect parameters.

You have to actually weigh the benefits of resistance to quantum computers (which may or may not actually appear) against these costs (which certainly will). Paranoia isn’t a threat model.

And to be clear cryptographers already know these things and if they still think we should all move to lattice cryptosystems despite the costs then that’s totally fine. I just wish they would write their blog posts to reflect that instead of talking about the 1% thing.