On Sun, Mar 15, 2026 at 3:51 PM Daniil Gentili <[email protected]> wrote:
> > > I don't understand the security part. Do you mean that people could report >> security issues for those community branches? If so, then it's completely >> unrealistic as we are already struggling with handling security issues for >> the current branches. >> > > > I honestly do not consider seriously any argument based on "it's too much > load for maintainers", including around security (which is still a > responsibility of feature owners). > > Except feature owners won't be able do any triaging, security impact analysis (deciding whether it's a security issue - this is done by the security team), allocating CVE's, test the patches in our security repo, do the security release and publishing / updating all advisories. And I'm not even considering extra reporting will be required by CRA. So I think you might be underestimating the amount of work for handling security issues. Kind regards, Jakub
