hvidgaard | 4 years ago

I think you missed my point. Attackers will go through commits regardless of a "Security Patch" tag.

But going about your normal patch cycle as normal for things not labelled "Security Patch", just means if the patch for some reason should have been tagged but wasn't, you're in the same situation.

I do see the value in your approach, but it just does not change anything for applications where security is top priority.
