Comment 7 for bug 1845263

@Xnox - I did a similar check, not a deep look but maybe 30 minutes of diff parsing.
I did come to the same conclusion. My gut feeling was more like "If security wants to get TLSv1.3 into Bionic Apache then we'd be better off considering to make the 2.4.38 of Disco available in Bionic (with all the Pros and Cons that comes with).

So yeah, IMHO 'Won't Fix' or 'Consider backport new major version'. In between those two would be the backports pocket, but the support statement for -backports is too weak.