Well, I suppose there are a couple ways to look at it. One is, should this be

  Severity: wishlist
or
  Severity: eldritch-horror

Another is to note that the file format of a DEB file is deliberately based
on cpio and tar formats. And these are deliberately constructed to allow
streaming, since they were originally designed to be read and processed from
magnetic tapes by machines with very little memory. I'll grant that our
machines now have more memory. But streaming access is still enormously
faster than random access, due to the way caches and rotating disks and SSD
storage work. And Debian variants do run on tiny things like cheap routers
and wifi access points.

I understand the idea of wanting to validate the file before processing it.
But in the unix tradition, maybe that should be a separate tool, called
before actually unpacking and installing a package? Things like pulling out
the version number seem pretty lightweight compared to full validation of a
potentially enormous file.

And if things are being validated, where do we stop? Each time we read a
property out? Do we cache checksums and recheck them in case the file is
changing under us? Are validations cached in a database, recording and using
timestamps for invalidation? It's a slippery slope, and sort of violates
separation of concerns.

I'd suggest that validation is typically unnecessary, because we should be
able to recover from an installation that hits an error, and that's the
robustness we should be focussing on.

Also I really liked my little hack!

