Comment 6 for bug 1860780

sergiusens and cjwatson,

after more digging, I've found:

- The bootable buildd image work that recently merged into the
  ubuntu/master (focal) branch inadvertently enabled the updates and
  security pockets in /etc/apt/sources.list

  - By switching the image format from 'none' to 'ext4', we now hit this
    block in livecd-rootfs:

    https://git.launchpad.net/livecd-rootfs/tree/live-build/functions?id=8f76e539b1c8f4473dbf4627a0961bdb3732c7c6#n771

- Once the bootable buildd image work is backported to bionic, the
  updates and security pockets will be enabled there, too.

- Even with these changes, the bootable images are built only with
  packages from the release pocket. If we'd like to pull in the latest
  packages from updates or security, we could do something like the
  following attached MP:

  https://code.launchpad.net/~davidkrauser/livecd-rootfs/+git/livecd-rootfs/+ref/buildd-image-perform-upgrade

  - Is this something that we want to do? Some of my thoughts:

    - Snapcraft is the only group consuming the bootable images, and if
      snaps are always built with updates, this will save a lot of time.

    - The original release plan included gating bootable images on
      launchpad giving a +1 on the lxd tarballs. That will be less
      useful if the images have widely different contents.