* On the one hand, to the taste of a number of security researchers (represented here by one member both significant and vocal ;-) ), mainline (Linus' tree) isn't doing enough for security. On the other hand, to the taste of top kernel devs (represented by at least another significant member here), the grsecurity folks aren't doing much to reduce the gap between mainline and grsecurity. And the status quo is not good for users.
* It's sad that several hundreds low-controversy one-/few-liners from the huge grsecurity patch, which can be imported to mainline more easily than lots of other patches, without demonstrable performance or size penalty, remains developed outside of mainline.
Dan Rosenberg gets dozens of small patches, mostly fixes for information leaks, committed in mainline and backported to stable. So mainline does pay at least _some_ attention to security, and does prefer smaller patches, too.
* Brad says that new non-const struct instances are added all the time to mainline. And this is despite checkpatch.pl, which is supposed to be applied by authors before submitting patches, checking more than 30 _ops types for constness. But again, mainline certainly isn't against one-liner-per-type improvements to checkpatch.pl ;-)
And, in case somebody forgets to use checkpatch.pl (we programmers are just humans !), is there a gateway that passes each commit that enters mainline through checkpatch.pl ? Or a gateway integrated with the linux-next infrastructure, so that patches other than staging get hopefully fixed in the individual trees before they enter mainline ?
* Multiple patchsets (e.g. -mmotm and -ck) are provided, between other formats, as broken-out series, for easier consumption and review. I've looked for a broken-out series corresponding to grsecurity, but I haven't been able to find it. I haven't found the scripts for regenerating e.g. the _ops constification either - it's not that it's really hard to re-create them, but it's stupid to duplicate such work. Do I fail at reading Web pages or using a search engine ?