I think he's just saying that it's hard to draw a circle around security, which is true. In the face of that, you can only proceed as you were. You can make things operate predictably (fix bugs), relative to the design, or you can revise the overall design targets.
To my mind, I see security meaning so many different things to different people (mostly politicians twisting it against the public) and those definitions are different enough that I couldn't reconcile them if I tried, so I don't bother. I just focus on my work. As long as the kernel is 1) reliable and 2) general enough to be used effectively by other projects that think they can define security more universally, the kernel is doing it's job well.
To my mind, I see security meaning so many different things to different people (mostly politicians twisting it against the public) and those definitions are different enough that I couldn't reconcile them if I tried, so I don't bother. I just focus on my work. As long as the kernel is 1) reliable and 2) general enough to be used effectively by other projects that think they can define security more universally, the kernel is doing it's job well.