<quote name="Ryan Lane" date="2014-02-20" time="14:37:01 -0800">
Note that unless you're willing to keep up to date with WMF's relatively fast pace of branching, you're going to miss security updates. No matter what, if you use git you're going to get security updates slower, since they are released into the tarballs first, then merged into master, then branches (is this accurate?). Sometimes the current WMF branch won't even get the security updates since they are already merged locally onto Wikimedia's deployment server.
That's a good point, with one small clarification/rewording: Someone who's following wmfXX branches will get the security fixes the next branch after the tarball is released. That's usually with in the working week (we tend to release tarballs on Mon/Tues, with new branches on Thursday).
So, yes, if you're pacing behind on the wmfXX branches, you'll want to take note of security releases and backport patches as appropriate (all security bugs have single patches attached to the Bugzilla report, and those are made public after the tarball is released).
Greg