Comment 14 for bug 2045452

I've tried to debug the issue with pristine-tar maintainer in https://salsa.debian.org/salsa-ci-team/pipeline/-/issues/326#note_451615 but without a resolution. I suspect it is something in tar or pristine-tar that changed in past years.

Anyway, it is pretty established now that there is no supply chain attack going on, but a bug in tooling. Perhaps you can manually override?