[$] What constitutes disclosure of a kernel vulnerability?

Opinions differ on the best way to disclose security vulnerabilities, butthere is a general consensus in our community that vulnerabilitiesshould, indeed, be made public at some point. What happens between the discovery of avulnerability and its disclosure can be more controversial. A recentdiscussion on the handling of kernel vulnerabilities has led to change inthe policies of the linux-distros mailing list - all based on the questionof what constitutes "disclosure".