This article isn't very good, and I'm disappointed at LWN for publishing it.
The problem is that it conflates two separate issues.
Tom Christiansen reported some bugs in Perl's Unicode handling. Bugs are bad, and should obviously be fixed. Perl is on a fixed release schedule of yearly major releases, and currently is in a freeze leading up to the next major release (5.16.0), planned for April of this year. This means that most bug fixes will not make it in for 5.16.0. Fortunately, 5.18.0 is only a year away.
In addition, fixes checked in for 5.18.0 will be considered for inclusion in 5.16.1 (or .2, .3, etc) if they are backwards-compatible.
But I'll also point out that while the bugs have been reported, no one has actually stepped up and fixed them. Discussion of delaying the 5.16.0 release for these fixes is especially ridiculous in that context.
Separately, there is also a possible security issue with Perl's Unicode handling, reported to the Perl security list 10 months ago. None of us discussing this here know what that is, because it has not yet been disclosed (and according to Christian Hansen, it's not fixed yet).
Given that it was reported 10 months ago, we can say for sure that it is present in the existing stable release (5.14.2). If I had to guess, I'd guess that it's also present in the 5.12 series of releases, and probably in 5.10.1 and 5.8.9, both of which are still widely used in the wild.
Presumably if this was easy to fix then a fix would already have been released, so let's assume that it's hard to fix. The security bug will be fixed when it is fixed. But to release it, I suspect the Perl developers will want to coordinate a new release of at least 5.14 and probably 5.12. They may also want to coordinate with distributors to work on patches for 5.8 and 5.10, since those are both still being supported by various distros.
Whether or not 5.16.0 has been released in the time between now and the security fix is pretty much irrelevant. If 5.16.0 has been shipped, then the security fix will necessitate a 5.16.1 release, but so what?
Releasing 5.16.0 will hardly make using Perl *less* secure, and delaying the 5.16.0 release will not make Perl *more* secure.
Releasing 5.16.0 will hardly make Perl *less* buggy, and delaying the 5.16.0 release will not make Perl *more* buggy.
So what exactly is broken about the Perl release process here?