Ultimately, the Linux developers should have good legal counsel that represents their interest as individual developers to answer these questions. It probably wouldn't yield the full disclosure corbet is calling for, but it will give the Linux developers assistance from lawyers representing their interests.
It's worth noting here that the Linux Foundation legal team has been quite clear that they don't represent the individual Linux developers. So, Linux developers should seek legal counsel elsewhere, presumably. SFLC (an organization that employees me, BTW) is available, but it is certainly not the only option for this.