Seems like I may have my terminology confused. In my mind all updates are a "patch" (e.g. security hotfix, product update, etc.).
Guess I figured they would keep a branch of their source, and apply things like security fixes to a minor version and release both. For example, if I released v1.0.0 and v2.0.0, and there was a security problem that would affect both then I'd port it both supported branches like v1.0.1 and v2.0.1. When I updated, the latest version would have all the security updates.
I've only been using Linux for ~2 years. and funny enough I've already experienced the same thing. The first 6 months using Linux was just trying every different distros/windowing system combination possible. When I finally found my most optimal setup, they changed it into some horrible thing called Unity. So for a short time I went back to Windows, until I lost my mind over loss of functionality, and came back to Linux-land.
The second most frustrating thing is lack of decent graphics drivers. It took me weeks to figure out the optimal setup for the stupid nvidia optimus card.
I'd love to recommend Linux to my friends and family but I can't until they can do things like run Photoshop, play video games, and not have to use the command line when things go horribly wrong.
I emailed someone from project honeypot about this same thing. They said they would setup a service where people could submit unauthorized login attempts automatically. (right now my honeypot just emails the result of logwatch --service sshd to an account)
It it useful information. I've used it to contact some providers (e.g. aws, linode, etc.) about the machines making unauthorized attempts. Usually it's from a server hosting a website that hasn't been updated in years.
"The sixties were good to you, weren't they?" -- George Carlin