> one way to debug such people is not to feed their delusions by making it
> easier for them to follow this invalid logic.
> the real problem with the idea of tagging all security relevant patches
> is the outcry that will come when patches that are _not_ tagged as being
> security patches end up being found to be security related at some later
> time (including possibly before the kernel is even released)
why would there be an outcry for not disclosing something one didn't know about at the time of disclosure? let me guess, it's just another strawman 'logic' of yours trying to digress from the actual problem: if a developer knows he's fixing a bug with security impact, he must not cover up that fact, simple as that. what he doesn't know is and has always been utterly irrelevant for this discussion.