
An important set of stable kernel updates


Posted Oct 21, 2016 2:11 UTC (Fri) by spender (guest, #23067)
In reply to: An important set of stable kernel updates by robert_p
Parent article: An important set of stable kernel updates

That's the problem I think -- if there are all these voices that agree, I certainly haven't heard them, and definitely not on this site. You can go back to around 2005 or so I think when we first started pressing the issue about the disconnect between the "full disclosure" policy mentioned in Documentation/SecurityBugs vs the obfuscation practices of mainly Linus and Greg (which then became an example for other upstream developers) after Chris Wright stopped being involved in the stable kernels. I don't know how to explain the responses we got to what we were saying at the time, people were incredulous, kept coming up with excuse theories of their own as to why this information wasn't being provided instead of the facts staring them in the face, or resorting to some strawman about how we were demanding info on vulns upstream knows nothing about, and how that would destroy development speed. You can see one example of that in the link I posted actually, and the same stuff was repeated over and over again. At some point, after Linus admitted in public he's intentionally obfuscating commit messages, people needed some way to deal with the cognitive dissonance, but instead of admitting being wrong, they bought into this naive "a bug is a bug" mantra to justify the behavior. Most others simply didn't speak up at all, minus a handful of people I recall every now and then -- anyone remotely involved in upstream work (I recall Willy and Eugene) basically shut up about it after Linus and Greg repeated their views a few more times in an authoritative way (or maybe they got tired of complaining to a brick wall). I think with people not having the courage to stand up to Greg and others who in nearly every facet are very much about asserting the status quo (Linus' comments on security at every conference in the past decade or so are basically a repeating of the same few sentences), upstream becomes convinced their view is right, that the suppressed dissent is tacit assent.

-Brad



An important set of stable kernel updates

Posted Oct 21, 2016 13:39 UTC (Fri) by ppel512 (guest, #111882)

The voices are out here. But like Lionel says, what is the point of "nobodies" like us shouting about it when the upstream devs have demonstrated that they don't care anyways. We're running over 45,000 instances of Linux inside our business and due to the way this release was obfuscated and mishandled we've just gone through a hellish night of "patch and roll everything". There are real world consequences to the decisions being made that you are so passionate about and we are super thankful you are out here screaming what we would only be able to quietly whisper.

