That’s true and for any other project like Nextcloud I would completely agree with you, but Signal is one of those projects that is not really meant (by the developers) to be self-hosted even while it theoretically can since it’s open source.
The way that Signal works you would have to modify the client to point to your own server. The official servers are not going to share their information with yours. Basically what will happen is that only you and a few others would be the only ones using your private Signal. And because you control your own server, even with the old (server-side) code you can still do it just fine if that is your goal.
If you are worried about security, it’s unlikely that someone who happens to know an undisclosed vulnerability in the old Signal code will randomly target your server and hack it. Even if that happens, the client-side encryption which is updated would mean all you have to do is restore from a backup.
And that’s another thing. Even with the new code already available, you still need to keep your own server up-to-date, review logs, make backups, etc. That’s a lot of trouble just to talk to the very few people that are going to download a modified Signal client. So who is really affected by this? We’re talking mostly about people who are doing it for testing, experimenting and learning. Very few people in the grand scheme of things and is not like they couldn’t continue doing this.
It’s not a good thing that an open-source project goes dark, especially for a whole year. I hope this doesn’t happen again with any project. But if it does it’s important to look at the context to understand the extend and severity of the issue. In this case? Barely noticeable for most people.