@quoll @stefano Back-ported patches are indeed a nuisance in terms of security assessment. But of course it doesn't help to be stupid about the fact.
(And I won't dispute that OSs like that have their place. Like for systems where a difficult or expensive to obtain certification is tied to a specific OS version.)