On Wed, Jul 20 2022 at 09:00:28 PM +0200, Kevin Kofler via devel devel@lists.fedoraproject.org wrote:
(The fact that these fixes are not included in the betas, but only dropped into the stable release, also makes the beta testing quite pointless and compromises the stability of the stable releases.)
A little feedback on why this happens. Every time you commit to a web browser engine, nation states scrutinize the commit looking for vulnerabilities that can be abused to hack users: both new vulnerabilities introduced in the commit, and also any vulnerabilities fixed in the commit. So it's unfortunately become important to minimize the amount of time between when the fix hits open source vs. when it reaches users. We've been struggling with this problem over in WebKit because we've historically been too transparent with security-relevant commits.
Michael