Honestly, I don't understand most of the details on the actual security systems being discussed here. But I *can* understand being locked into a frustrating system that is unreasonably hard to use, despite the benefits. Reviewing the thread, Linus speaks crystal clear common sense and still leaves a wide opening for hard data to initiate changes, rather than the current analogy and opinion.

I'm glad he's in the leadership position he's in.

Most people in the computer industry already know that "security people" are an insane bunch. You pretty much have to be. No sane person can possibly lock down every possible attack vector to a complicated system, as it requires a great amount of understanding of each attack vector and affected subsystem. 

Sane people of any discipline apply "best practices", which is synonymous with "I don't have the knowledge, resources, or ability to do this... so I'll use a bullet list I found on the internet". Security workers actually come close to having the maddeningly huge foundation to apply real security, and end up having to dumb it down into said checklists so that us normal people can get a good nights sleep.

Anytime you find a combination of perfectionist and apathetic qualities in the same place, you find insanity. Security encompasses this to the extreme.

Frank

... Most security folks I know in IT are officious, callous, superstitious and incompetent control freaks: the Vogons of IT.

OTOH, developers tend to be self-absorbed, arrogant asses who are more than happy to slam crap buggy code into production.

Both are the bane of sysadmins.

Bullseye, Linus.

The only people more arrogant than the security guys are the jerks who manage to break into your stuff. Suddenly the security guys seem a lot more reasonable.