285d2c80b9
If the security repo will be enabled or not currently depends on the host's sources.list. So the resulting files differ depending on the host where the test is run. Add a TODO item to break with that "feature". Also mention in the TODO list that a repo on archive.debian.org should be used instead security.debian.org if the release is EoL. Currently the security mirror is hardcoded into the hook.