> In all this (by now extremely tiresome) discussion I have seen not a
> shred of evidence of wrongdoing.
would that be because you haven't actually seen/read everything? if you have, please tell me
the history of this commit/bug:
if you don't see it immediately from the linked commit it's because it was intentionally
omitted. but you can always ask the committer. will you?
> Perhaps carelessness, perhaps people not seeing potential security
> problems. Bugs get fixed, most developers care that it is a bug and
> don't care much if it might be a security problem.
that shows how much of the discussion you saw. pretty much nothing. the issue is *not* with
people not realizing the security impact of bugs (noone expects people to disclose what they
don't know), but rather with intentional withholding/downplaying the same when it *is* known
to them. i gave you a lead above, try to find out what happened there and be shocked.