stable@ is not a list, just an address to post things you think should
be fixed in stable releases. There is no secrecy there, you can simply
CC LKML if you want (and preferably the patch reporter first in order
to get information about relevance). I sometimes proceed like this.
I have no problem with your policy about not posting to private lists.
Davem does the same, and I respect this. Then you'd better check the
oss-security list : http://oss-security.openwall.org/wiki/
It is public, talks about security issues in opensource software
(including linux), and many of the closed lists members are there.