Package: aptitude Version: 0.8.7-1 Just as a followup on this (despite opening the bug I didn't receive mail from it after the first response??) - src/cmdline/cmdline_changelog.cc:do_cmdline_changelog has the following comment:
======================================================================== // For real packages/versions, we can do a sanity check on the // version and warn the user if it looks like it doesn't have a // corresponding source package. ======================================================================== It then proceeds to use aptitude::apt::check_valid_origin shortly after - so it isn't a security check etc. The other usage is in src/view_changelog.cc:view_changelog, where it is probably used as a crutch to avoid validating the changelog data directly: ======================================================================== // check if we know the origin if ( ! aptitude::apt::check_valid_origin(ver) ) { check_apt_errors(); return; } ...<proceeds to start processing the data> ========================================================================
signature.asc
Description: OpenPGP digital signature