> criticizing and naming exploits after people you'd like to publicly shame is fun
it's not fun but it's what works for kernel developers. this is what Linus himself said in the past at least:
"I really _despise_ people who think security is an issue of hiding
bugs. If they then try to make themselves look good ("no zero-day
exploit, we fixed it immediately"), they're worse than low.
The only thing that seems to work for security is public shaming.
And yeah, I get personally embarrassed by some of the things we've
had too, and some of that public shaming from the bug can well fall
on me. I've had cases where I've simply _forgotten_ about some bug
that was reported to me, or more commpnly [sic] just overlooked it.
Shame on me. That's ok."
> but wouldn't fixing problems be even more productive?
but we've always done that. what we find and fix ourselves is released in our patches (without the fanfare).