> It’s not horribly broken any more than your toaster is for not needing constant updates.
I don't know where this sense of "stable" in the community comes from. Software isn't perfect and gets fixed all the time. Yes, there are packages with different maintained stable branches that you can pin for your LTS distribution but this is by far the minority. For the other stuff you constantly have to work around missing features or existing bugs. E.g., why do I have to compile "jq" by myself just because the outdated package crashes on certain inputs?!
The "outdated" package probably has all these security fixes [0]. That's why it exists - to maintain something safely. You step back from latest and greatest, to not get a compromised system the next time something goes wrong.
What's so hard? A developer finds a bug, fixes it, publishes a new release at some point, done. Versus someone else finds a bug, maybe opens a CVE, bug gets fixed, maintainer might notice it, backports patch and fixes (or breaks) the package. The latter CVE case is the rare case, hence all the crashes. E.g. Busybox is famous for that. They have a plethora of security issues documented in their bug tracker. Sometimes they even get fixed but most of them never get a CVE, issues stay open and you can guess if it's vulnerable or not (usually it is, don't use it).