While I don't disagree with the theory, it's not workable with the current state, as I don't have enough free cycles to think about actually updating any packages an/or doing the testing. One has to keep in mind that in the past life this was nearly a full time job for 2 people to identify, fix build, test, release updates for the supported releases. The people that have inquired about helping with security issues quickly go away when they find out how inglorious(sic) it is.