On 11/08/2021 20:20, Kurt Roeckx wrote:
> But fixing them in stable branches is going to cause people problems and prevent them from upgrading to a newer version and getting other security fixes.

This is actually an important point. We *want* people to upgrade to the latest patch release of a stable branch to ensure they get the latest security fixes. If we introduce "fixes" that actually break people's applications then their response will be to *not* upgrade at all. Therefore, even though such a breaking fix might have been introduced with the best of intentions (to fix a possible (unspecified) security risk), it might actually have the opposite effect and make our users *more* vulnerable to security risks.
Matt