intrigeri: > But I'm not sure what's the best way to pull the apparmor package:
> 1. on testing/sid upgrades, during the Buster dev cycle: this would > greatly increase the value of the "enable AppArmor by default for > a while" experiment; > 2. during Stretch to Buster upgrades: this seems necessary so every > user gets the AppArmor benefits, regardless of when they installed > their system initially. > I could not find anything better so far than having another package, > that's already installed by default, add a "Recommends: apparmor" (I'm > assuming that APT installs newly recommended packages by default on > upgrade). This feels artificial and rather ugly, but it might be the > only option. I'll ask more people around. I've just asked help on debian-devel@ about it.
