[DONE] Whonix stable apt repository upgrades policy

Until now I maintained strict policy for upgrades in Whonix stable apt repository:

• only fix grave usability bugs, such as the Tor Browser 4.x compatibility fix
• and of course also planned to also ship security fixes should issues be reported

This is similar to Debian stable.

The reason is, should I also add other upgrades before a major version and through testing, an upgrade could create a mess for everyone. Not as in security, but as in broken dependencies, upgrader and such stuff. The prevent such a worst case, this policy is in place.

I am considering to make an exception for packages that are not installed by default where the gain would be huge. The Whonix AppArmor profiles. (https://github.com/Whonix?query=apparmor-profile-)

Related:
https://www.whonix.org/forum/index.php/topic,97.msg4978.html#msg4978

Assuming lazy consensus (https://www.whonix.org/blog/issues-alternatives-democracy#Lazy_Consensus) here in 3 days.

I am considering to make an exception for packages that are not installed by default where the gain would be huge. The Whonix AppArmor profiles. (https://github.com/Whonix?query=apparmor-profile-)

I agree. They seem to be going substantial improvement all the time that I want to take advantage of much sooner than the next major release. Also the TBB changes and breakage it causes to apparmor profiles warrants a more dynamic release cycle for apparmor packages IMO.

Of course, I’m strongly in favor of making that exception. By the way, could you reply to igotwhonixd in https://www.whonix.org/forum/index.php?action=profile;u=629?

The reply should be to https://www.whonix.org/forum/index.php/topic,660.msg5110.html#msg5110.

In the specific case of AppArmor it’s a bit more problematic. I’ll discuss the details here:
https://www.whonix.org/forum/index.php/topic,97.msg5449.html#msg5449