Comment 3 for bug 35528

I don't know what Dapper's security policy is, so I can't be specific, but wouldn't a potential remote exploit pretty much automatically qualify for a backport?

(And isn't the point of all this malone complexity to handle the distinction between dapper and edgy, so that opening another bug is not necessary to get it fixed in two versions?)