Another reflection: I'm not sure that API call is the best way to figure out which orig.tar's are relevant. The canonical source for this is the *.changes file for the particular suite, isn't it? Or secondary, the information in the Sources file on mirrors. So the logic could be something like:
* For an upload of package X version (E:)Y-Z into suite S where Y is upstream version and E/Z is the Debian version, try to lookup package X upstream version Y from Sources on mirrors in suite S, or some internal API accessing *.changes files (which could be faster than relying on mirror pulses) and filter for suite S. * Download the *.orig* files specified in that file. The API you mention doesn't make any guarantee that you get the right *.orig* from a particular suite, does it? So it may return unrelated *.orig* files for some other suite, causing some confusion. /Simon
signature.asc
Description: PGP signature
