>> 1. I've little experience maintaining profiles in a cross-distro way,
>>    but I suspect that tunables should be enough to cope with most
>>    distribution-specific deltas. What do you think?

It does cope with many, but not all. We need to be able to cope with
different application versions, application configurations, apparmor
userspace versions, apparmor kernel versions, and different policy
goals. I think different policy goals is the one that is the hardest
to support, but even it could benefit from being able to merge in
changes from an upstream that is collecting different changes.

>> 2. Was this discussed previously? Was the idea of a cross-distro VCS
>>    repository for shared maintenance of profiles investigated yet?
its one of those bikeshedding topics :)

