Please don't compare us to Coverity. From every angle, this is just an incredibly poor argument (and I'm not even covering all the ways in this post). BTW, if I were as pretend-concerned as you with contrived conspiracies, I'd apply your academic analysis to your own exec-shield work.
Our source is open for anyone to use. We have no "marketing and economic constraints." And sorry, but the only thing 'circus'-like is upstream's approach to security.
You were already linked by the parent poster to the initial split-out const patches I made up over a year ago. What happened after that is quite typical of upstream's handling of security; it's treated more as a nuisance, something to brush out of the way by means of token gifts of minor improvements. There's no overarching goal or dedication to completeness; the recent thread on /proc/kallsyms that you participated in is a perfect example of this cargo-cult security. So someone will merge a few small patches that are ultimately useless by themselves, and then the idea will be dropped again until someone like the parent poster points out the stupidity of not having merged all of them.
We'll also ignore the fact that all of the const patches were already split up and sent to LKML multiple times, but that only a tiny fraction of them were merged.
So don't regurgitate this inapplicable 'security circus' crap from Linus and act as if it's profound; it's not. There's a simple truth here: upstream had more than enough opportunity over several years to adopt the changes, the work having already been done multiple times by multiple people. Nobody's holding on to any code or trying to prevent it from being merged. If upstream wanted it merged all they had to do was accept the submitted patches.
Look and see for yourself what happened in the most recent attempt: http://lkml.org/lkml/2009/12/4/346
I think that entire effort only reduced our patch size by about 50kb (out of what is nearing 2MB).
As far as where our own interests lie, it's in reducing the amount of time required for the patches. The time spent maintaining the const patches on our end is next to nothing (just some trivial rejects from nearby changes). The time and frustration involved in getting them all merged upstream is ridiculous. Even when some do get merged, more get added in in the following release that need to be fixed because there's no enforced upstream policy on the const-ness of various structures. So what happens? Upstream doesn't bother fixing them. Emese, the author of the set submitted to LKML, now maintains them just for us as there's no red-tape and no hassle.
Your backhanded derision in the form of a disingenuous question, posed as a faux-naive outside observer, belies the fact that if upstream is looking for someone to blame as explanation for why the changes haven't been merged, it needs only to look in the mirror.