Writing an exploit for every potentially exploitable bug could end up taking more work than
developing the kernel for a start. I don't think anybody sane is suggesting that. If the
number of security bugs is so high that the kernel developers cannot possibly keep up with
labeling them as such, then we have a more obvious problem than disclosure. The entire
development model must then come into question if that is the case.
If there are so many public security bugs, how many more must go unnoticed? Bugs that may
never trigger under any normal use? Like the PaX team suggested, it's hard to imagine people
even need to resort to disclosure lists.
I think the only people raising the bar for exploitation are Spender and the PaX team, yet
their work has been completely dismissed for inclusion in the mainline kernel on the basis
that Linus doesn't like the segmentation logic of PaX.