I know what you mean. I don't consider 7 to be a single digit, or prime either for that matter!

And when the just as the results come in Gibbs always shows up out of the blue! Right Abbs?

"but what would you be saying if it was a bomb and it went off because they were taking too long to figure out if it was a threat?"

That's simple: "What a bunch of idiots! They ruled it NOT a threat based on LOOKS!"

How is that fundamentally different again?

" If the Chinese can build in a CPU core that's two generations newer into a product with support for 3 radio standards and a screen that sells for $5 or so more than the Pi, why is Broadcom struggling with an outdated 12-year-old core on a product with no wireless?"

Oh wait! I know this one! Because we're not in China! (You can offer things at an amazing price point when you pay just slightly more than slave labor wages to your employees.)

You seem to think that realeasing something as Open Source magically causes it to run well on all platforms. It takes work to port the code to different platforms and a commitment to mainaining and reression testing the stack on all those platforms. You need to provide motive to do all that, which is never going to happen. The people who are qualified to develop on and for Linux won't touch it with a ten foot pole.

No. I think I understnd how to interpret a commit log. If the commit was from a trusted source, ignore it. You have just narrowed down your search by at least 2 orders of magnitude. If you have a suspected commiter, scrutinize them. Commit logs go a very long way to taking your OMFG How will anyone analyze every change! to a pleasant rejoicing song of: Hey, it turns out we only have to review a very small subset!

There is no old code; only old auditors :-)

I can assure you, when I analyze any hardware/software system I don't in any manner way shape or form categorize anything, or base any decision on the age of, and subsystem.

I doubt I'm the only competent analyst.

Non-sequitur much?

Somebody should invent commit logs!

"But with Linux most contributors, be they individuals or companies, are primarily concerned with their own projects."

Your definition of contributor is skewed. A FOSS contributor may do so in many ways. Clearly a project lead for a major project isn't going to contribute further by analyzing the ecosystem; their plate is full. There are others, also known as contributors, who do this. Other contributors administer project websites or write documentation. There is a whole wide array of types of contributors.

That being said, clearly there are more developers than people doing security audits, and it would be nice to see more contribtors in all the other categories, actually.

That is correct. In the world of the big boys we release updates on a moment by moment basis, thereby avoiding as much as a months delay for no good reason. :-)

In Open Source vernacular, we call that becoming more and more secure :-)

And how, prey tell, do you expect the developers to sign their packages with everybody else's private keys? If they do that the update will fail, because the package manager isn't going to install a package from an Ubuntu repository that isn't signed by Cannonical's private key, for example.

"... for those that were stupid enough to think that something electronic and stored in a common format over a common communications medium was secure.

Stupid enough? I hate to break it to you, but most if not all secure systems work in exactly the way you decry to be "stupid". Maybe you've heard of SSL?

You''re a troll. Plain and simple. I have been installing Linux on computers for more than 15 years. I have yet to be unable to get a computer to run flawlessly with the exception of suspend / resume, and that hasn't been a problem for the last couple of years also.