Kalev Lember wrote:
If upstream really issues security fixes for 4.x-1,
Their security advisories include patches, which usually either apply just
fine to the old releases or have a version for the old releases included.
then this is pretty much perfect. We get 4 or 5 bug fix releases,
and
after that only security fixes. One would imagine that with 4 or 5 bug fix
releases that branch has become stable enough to not need massive patch
backporting.
But this is really just imagination. 4.4.0 fixes hundreds if not thousands
of bugs compared to 4.3.5 (upstream claims 7293 bugs and 1433 RFEs have been
fixed in 4.4.0, but that is some automated Bugzilla query which probably
doesn't understand the exact release the bug was fixed in, so this may be
compared to 4.3.0 rather than 4.3.5). Such a large piece of software will
always have bugs. "If it ain't broke, don't fix it" doesn't really
work on
that kind of software.
Kevin Kofler