So far, we've seen cases where Linux kernel developers have:

- suppressed news of security holes
- failed to notify the public when said holes were fixed
- miscategorized arbitrary code execution bugs as "possible denial of service" (repeatedly)

How much of this has to happen before people start considering Linux untrustworthy for servers? Even if serious vulnerabilities are infrequent, this "method" of handling them makes for serious trust issues IMO.

I'm not even certain that I would consider a GrSecurity kernel trustworthy. The GrSec team may be more responsible, but they can't audit everything AFAIK; and if the kernel devs continue to drop the ball, how can a GrSec-patched kernel be considered trustworthy either? GrSec can mitigate the impact of a lot of vulnerabilities, but not all of them. How is this not a huge problem?