if you don't feel and responsibility for anyone but your users and have no intent to try and push the fixes upstream,then your tree just became pretty irrelavent to linux security for anyone except for your users.
some people may choose to try and parse things apart to get them upstream, but very few people will want to try, so the security fixes that get into the kernel will be developed independantly (even though you will make a lot of noise each time someone recreates your work)
if you don't care about normal linux users, only your users, please quiet down about upstreams's policies, you've just said you don't care about anyone that uses it, so why should you care about it's policies?
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds