Comment 7 for bug 1933269

After discussing, the Vulnerability Management Team members have concluded that the in-progress but incomplete RBAC implementation in various projects does not rise to the level of requiring a published security advisory, particularly as this work is likely to take place primarily in development branches and not be backported to supported stable branches. Some clearer documentation on behalf of the implementing projects is likely warranted in order to warn users of the caveats and potential pitfalls of relying on RBAC in its current state, but that's separate from whether or not we publish advisories about any fixes which may merge to complete the implementation.