I've tried to debug the issue with pristine-tar maintainer in https://salsa.debian.org/salsa-ci-team/pipeline/-/issues/326#note_451615 but without a resolution. I suspect it is something in tar or pristine-tar that changed in past years.
Anyway, it is pretty established now that there is no supply chain attack going on, but a bug in tooling. Perhaps you can manually override?
I've tried to debug the issue with pristine-tar maintainer in https:/ /salsa. debian. org/salsa- ci-team/ pipeline/ -/issues/ 326#note_ 451615 but without a resolution. I suspect it is something in tar or pristine-tar that changed in past years.
Anyway, it is pretty established now that there is no supply chain attack going on, but a bug in tooling. Perhaps you can manually override?