What's the Venn diagram of people stuck with 32-bit hardware and people needing features of newer kernels? Existing kernels will keep working. New devices probably wouldn't support that ancient hardware; seen any new AGP graphics cards lately?
There's not a compelling reason to run a bleeding edge kernel on a 2004 computer, and definitely not one worth justifying making the kernel devs support that setup.
The bulk of CVEs that crossed my desk in the last couple of years were in things that wouldn’t matter on a 32-bit system, like problems in brand new graphics cards or fibre channel or 10G Ethernet, or KVM hosting, or things like that. There wasn’t a huge flood of things affecting older, single-user type systems.
But in any case, I’m sure Red Hat etc would be happy to sell backports of relevant fixes.
It’s not that I’m unsympathetic to people with older systems. I get it. I’ve got old hardware floating around that I’ve successfully kept my wife from ecycling. It’s that I’m also sympathetic to the kernel devs who only have so many hours, and don’t want to use them supporting ancient systems that aren’t still widely used.
If I'm running a living museum of computer history, to let the youth of today experience 15" CRTs and learn the difference between ISA, PCI and AGP slots - I'm probably not connecting my exhibits to the internet.
For legacy hardware like this it's usually not anywhere close to as important as it is for modern systems.
These systems are not being used to browse the modern web, they're too slow.
They're not being used to host production multiuser environments beyond a few retrocomputing homelabbers' toy systems, where the worst case scenario is a restore from backup and banning a user or two rather than data loss/breach and/or legal action.
The ones still in actual active use are almost all appliance systems that mostly haven't seen a kernel update in years or ever because they are usually exist to go with some piece of hardware that never got an in-tree driver and thus can't work with anything much newer than what it shipped with and/or some software that depends on ancient libraries no distro ships anymore. These systems don't need to (and shouldn't) be exposed to untrusted networks, users, or content, they can (and already should) be locked down by a skilled admin to only communicate with the minimum number of systems needed for whatever purpose they serve. If the admin isn't sufficiently skilled to confidently handle that, the system and admin should both be replaced.
---
I have an old IBM PS/2 that's my family's first computer, which still has its original Windows 3.1 install on it. I imaged the original hard drive and moved it to a CF card, but that also means I can screw around with it and not worry about breaking anything because I can just restore the last known good image. I don't connect it to the internet often but if on one of those rare times I happened to somehow stumble upon someone who had been saving a drive-by exploit for IE 3.0 or a RCE against Trumpet Winsock that then infected my system I'd just do the same. Anything this old is small enough to be imaged easily.
There's not a compelling reason to run a bleeding edge kernel on a 2004 computer, and definitely not one worth justifying making the kernel devs support that setup.