Security backports should be reviewed
@engwan mentioned on Slack that currently the templates we use for security MRs make no mention of backports having to be reviewed. They very much should be reviewed, as the changes necessary may differ (slightly) between versions. Without adequate code review, release managers can not be certain that the merge request won't break anything.