> The vast majority don't,

another strawman, i never said that the vast majority did.

> including at least two of the three you specifically called out

i didn't call out three, only one. and that one is hard to believe to have escaped attention
given it was already public in the bugzilla with its full impact properly described. *someone*
did everything to not mention 'buffer overflow' there and engaged in creative rewording, you
can't dance around that fact. whether it was discussed on the kernel security list is anyone's
guess (why aren't they public after a while anyway?).

> (Linus doesn't look at every commit to cpufreq, and the other one is
> networking: expecting David Miller to rewrite commit logs for everything
> in the net subsystem is similarly madness: particularly if it's a
> security hole, delaying its propagation to fix *commit logs* is surely
> not sensible).

you keep talking about this need/expectation to rewrite commit logs, i don't know where you
got that from, certainly not from me. i always talked about commits that went in (attention,
i'm about to repeat myself) with the full knowledge and agreement of said kernel developers.
that means that they were well aware of the security impact of the bug and did still choose to
omit that fact. i will throw in another one for you and you tell me the history behind it: