And if you want to be "suitably cynical" I suppose the reason why the distributors haven't
been doing a whole lot of complaining about how security fixes are handled is because not
having as many disclosed security vulnerabilities in the Linux kernel makes it look like less
of a mess.
Even Linus says himself that "they mostly do a crap job at it, only focusing on a small
percentage (the ones that were considered to be "big issues")"