Would you hold off on fixing a security vulnerability if it caused a limited regression?
Regressions should be fixed expediently, but if you apply the criterion "need to not happen", they are literally blocking issues. They could then block security fixes.
Which part of security fixing demands thoughtless generation of code slop without regression testing, though?
I worked on major OSS projects, and we never just blindly pushed out untested, poor-quality code for security fixes, since that adds WORSE security regressions.