Separate linux-image security vs non-security package upgrades
Hi!
There is quite some churn in the linux-image packages, with new releases often. For a production system, I want to reboot as soon as a new image is available that contains security fixes, however I would not want to do that for "normal" bugfixes; to reduce downtime, and reduce the risks associated with a reboot of a machine installed in a remote data centre.
Frequent new packages is a good thing, so this bug report is mostly a request to somehow separate security from non-security uploads. Would it make sense to put security-fixes into aramo-security? And have aramo-updates be for general bug fixes which can be pumped up more often. Then I could probably setup some Apt Pining to only upgrade linux-image* from aramo-security and skip the aramo-update packages.
This may be another example of the problem described in #37, but I'm not sure, and my scenario seems more problematic than the one described in #37 and it may have different solutions, so I'm opening this bug report to get discussion going around what solutions there could be.
Thank you for consideration, /Simon