We know that they cry wolf because we've watched it happen.
In http://lwn.net/Articles/286321/ I demolished spender's analysis of a "trivially
exploitable" bug that hadn't been fixed in stable, and in the follow-up it was revealed that
he hadn't even been looking at stable, but rather at an unreleased kernel tree. I'm no
security expert, just an ordinary engineer who prefers to read for himself rather than
trusting what he's told by self-declared experts. Spender offered no reply, do you think he'd
have pointed out his (very serious) error voluntarily?
Anyone who knows the status of PaX can judge for themselves whether a motive exists for PaX
supporters to rubbish the 2.6 stable series here rather than actually engage with developers.