Let's talk about that after a patch has been made available. ;)

In the meantime, here are two links to sections from "Producing Open Source Software", by Subversion's Karl Fogel. They should give you some idea about how things will unfold from here, and perhaps prepare us for a post-mortem once this bug has been buried.

http://producingoss.com/html-chunk/release-lines.html#security-releases
http://producingoss.com/html-chunk/publicity.html#security