Tails ISO has $stable-proposed-updates enabled when Debian/Tails release timing don't play nicely together
Originally created by @intrigeri on #12169 (Redmine)
We see this in Tails 2.10. That’s fine at ISO build time (we were using an APT snapshot that gave us essentially the latest Jessie point-release as a result) but it’s not OK at runtime: it means that Tails users who install additional packages will get it before Debian users would.
If we don’t do anything about it, this will be the case until next Tails major release (2.12). It’s too late to fix that in 2.10, but IMO we should mitigate it in 2.11.
Maybe we need to make
config/chroot_local-includes/lib/live/config/1500-reconfigure-APT
disable proposed-updates sources?
Feature Branch: bugfix/12169-disable-proposed-updates