Bug#754744: forbid most packages to depend on or recommend apparmor

[Patrick Schleizer <adrelanos@riseup.net>]

Package: debian-policy
Severity: wishlist

Hi!

Suggested policy addition:

Do not depend on or recommend the apparmor package

Packages must neither depend on nor recommend apparmor, because it would
not only enable AppArmor for this package, but for any packages shipping
an AppArmor profile, which might have unwanted effects. Enabling
AppArmor should require at least one conscious decision by the user.

If you are shipping an AppArmor profile, add apparmor to Suggests.

apparmor-{utils,profiles,profiles-extra} and other packages where this
is useful are exceptions.

Reason:

Before we can automatically enable AppArmor when the userspace tools are
installed, AppArmor maintainer intrigeri said, we must make sure, that
no packages depend on AppArmor, so AppArmor does not get installed even
though the user does not wish this. [1]

Other:

Bastien ROUCARIES would implement this into lintian and asked me to
report this against policiy. [2]

Feel free to change wording / etc. I don't have a strong opinion
there. Whatever you feel appropriate.

Cheers,
Patrick

[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702030
[2] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=754730