Track security updates during the Tails code freeze
Originally created by @anonym on #14728 (Redmine)
This affects:
- packages we install from others dists than Debian stable, e.g. from Debian testing or Debian sid. A good example of the problem is the linux kernel which we install from sid; for instance, at the time of the 3.2 freeze we got linux 4.12.12-2, but in the middle of the freeze linux 4.12.13-1 was uploaded to sid, and it was not noticed until the final 3.2 was built so we missed out on several security updates.
- packages we override with our custom APT repo, see e.g. Fix gdk-pixbuf vulnerability (CVE-2017-2862) (#14729 - closed) and Merge Debian's 1.5.19-4+deb10u1 into our patche... (#17144 - closed)
- 1st iteration: ignore tor
- 2nd iteration: same for tor