[timeon]

I agree in general (also things have tendency to escalate to unnecessary drama through re-posts and comments on the social networks) but:

> as a security vulnerability, so that throws much of the usual process out the window; it needed to be fixed quickly

Was not the bug reported originally six years ago?

[ebiggers]

It may have been, but security impact is often not recognized right away. The older report was not sent to security@kernel.org and did not include a root cause analysis.