[TYPO3-core] Combining security and bugfix releases

[Rik Willems]

> In regards to the process making it hard to have security updates
> decoupled from the bugfix, I think I don't quite understand. Why does a
> security release have to be a snapshot of the source tree? Wouldn't it
> be much easier to take the security patch, apply it to the latest
> release and then release that patched version as the security fix
> release? In fact, that way you could even release the patch by itself
> as well, so people can choose to download just the patch instead of
> downloading a new source tree which is 99% the same as the one they
> already have.

This was my thought exactly when reading the discussion. Are there any 
arguments against this way of working?

Cheers! Rik