i think you should be having this discussion on lkml, not here. after all, that's where the
kernel devs in question are. also, what is not clear about:
"We prefer to fully disclose the bug as soon as possible."
(quote from Documentation/SecurityBugs)? it later elaborates only on the disclosure date,
never on the extent of the disclosure. in other words, nothing ever even just hints at
possible partial or non-disclosure at all. and that's exactly what has happened as you can see
from the few examples in this thread. what else do you really want to put into writing?
as for -stable, i guess you haven't read the whole thread, so please do so now and understand
that the problems don't start with -stable per se (most of the time, there're exceptions like
the ptrace case documented above), it's way before and for these security related bugs, on a
closed and secret list (read: no one is accountable, that's why they think they can get away
with it).