[KuiN]

This is the really concerning part. silently fixed in the upstream git is not at all an acceptable way to deal with serious security flaws in your product.

[grhmc]

This is frequently how the linux kernel operates.

[gshulegaard]

Just to be clear, systemd is not part of the Linux kernel.

Also, if you are going to make a broad claim like that I would appreciate some citations/examples. I have no idea if you are wrong or right on the whole, but without examples I can't learn myself.

[kuschku]

See for example here: https://news.ycombinator.com/item?id=13472329

[sounds]

It is not done silently - lack of a public announcement is not the same thing as radio silence. (For CVEs affecting the linux kernel)

[ungamed]

The distro vendors are the ones who frequently pull apart commit logs to be documented.