To me, this flamewar serves as proof of one thing: the kernel is far less secure than many
people imagine. The degree of insecurity is such that most stable updates should have multiple
CVE numbers attached. Linus, apparently, has gotten annoyed by the time-density of security
alerts, but instead of fixing the underlying issue (the development process that produces
insecure code), decided to hide the security aspects of patches.
The kernel code quality has been criticized in the recent past - but for introducing too many
regressions. There are calls for more resources to be spent on regression tracking, and even
for a mostly-bugfix release to reduce the number of regressions. I believe that similar
resources and propaganda efforts should also be spent on security. Maybe it's time for a
security-only release - for 3 months spent not on new features, but on analyzing the security
implications in the kernel, and on finally draining the morass of insecure code. The users
will thank the kernel team for it.