Which poor sod will be the victim in 7 days at least before pushing to stable? ;) Then comes another question, does security updates need to be treat as special? It's just an original update with a tag "security alert", but users still need to wait 7 days unless they enable updates-testing.