Sadly, it isn't so-- the further from the vulgarities of production the patches are the less realistic the experience gained from working with them.
I can tell you how to make a perfectly secure computer, grind it down and launch it into the sun.
Part of the rest of the kernel communities complaints about many of these changes is that they aren't sufficiently pragmatic for widescale use or long term maintenance.
PaX is a patch-set, that's fine. People who care enough about low level security can apply it. The market for 'we care about security' is very large. Unfortunately, it still doesn't intersect with 'popular', and at that level one kernel team may be deploying to millions of machines. The mainline kernel (as well as other OS kernels) have drawn features explored through PaX and its predecessors slowly over time, and will likely continue to do so. Writing off PaX as increasingly irrelevant because you personally can't configure it with a button-click on your distro-of-choice simply reflects a profound ignorance of the longer term technical and social environment in which it is developed.
