This policy isn’t documented anywhere, so I cannot be surprised this causes confusion.
Tickets fixed in phabricator don’t indicate that upgraded packages are pushed to the stable (or even developer) version of Whonix. I seldom do Whonix stable upgrades. They’re risky. (Risk to mess up the apt-get upgrading so that everyone has to enter commands manually to fix it. No other dangers.) I am trying to provide a stable experience, that is not push stable upgrades that mess up things.
Of course, had we more devs and a stable release manager, then this of course should have been in an upgrades package. Specifically the apparmor packages don’t get upgrades in Whonix stable. The fix gets easily available only after the next stable release of Whonix (Whonix 14).
Meanwhile, this fix has to be manually applied. That’s why AppArmor unfortunately is “advanced users only” and not pre-installed by default since it wouldn’t work well with a stable version Whonix experience.
review in phabricator means, “so far done in the latest source code version of Whonix” (no release) but should be tested if it works for real in the next Whonix developers-only or testers-only release.
resolved in phabricator means, done in the development version of Whonix.
We don’t have anything to indicate status in the stable release of Whonix.