I don't know how well this answers your question. You tell me.
Well enough. The original purpose of the testers repository was forgotten sometime ago, it seems. But still, if it's not too much overwork, why not put the packages for the next release in the developers repository, and the ones that need upgrading between releases in the testers repository (from here, it looks easy :D)?
We could do this as a release goal for Whonix 11. Since we fully control these packages, this should be doable. If we well test this before release, there shouldn't be much need for AppArmor fixes then?
Yes. Actually, the package maintainer becomes the AppArmor profile maintainer, which makes sense. In Ubuntu, lots of profiles are included in the packages. https://bazaar.launchpad.net/~apparmor-dev/apparmor-profiles/master/files/head:/ubuntu/15.04/ (see the files with ~220 bytes size). Most of the daemons, but also bigger clients like Evince.
apparmor_parser -r -T -W /etc/apparmor.d/usr.bin.sdwdate
Looks like it does that all for us automatically? No manual reload required?
I was not meaning a manual reload. I guess dh-apparmor is taking care of that (still in wonder with the debhelper magic), so it's fine.