OK, this is a kind of "smoking gun" - in spite of the "full disclosure policy", a kernel
developer tried to avoid full disclosure. But still, I'd like to get back to the Napoleon
quote. Maybe the translations altered the meaning of the proverb, but I understood that
"incompetence" contained "simple human mistake" too. This quote you showed does not prove
malice for me, it could be a simple human mistake (or if a security professional goes for
"security through obscurity", then it's a sign of incompetence).
As a software developer, I know that we have a couple of rules that we should obey (just like
the kernel developers have rules e.g. for full disclosure). I also know that we tend to break
these rules: out of ignorance, convenience, lack of time, sometimes incompetence - but I've
never seen someone break these rules maliciously.
Even the amount of exploitable security bugs not labelled as such does not prove malice for me
- after all, there are many people fixing these errors, they can make many mistakes. I believe
your standards are just too high. A security professional should be exceptionally paranoid,
but even most kernel developers are not that paranoid.
I think this thread shows that there are other problems with the current kernel development
process, not just those that are usually mentioned (lack of review, regressions, etc.).