Comment 5 for bug 1860456

> The problem AIUI is something to do with ambiguity when multiple different orig tarballs are associated with a single upstream version string

ouch, that is *really* bad. But indeed, that's the case here. Oh well, it's jaunty, right?

updated MR fixes it:

>>> from ubuntutools import archive
>>> archive.UbuntuSourcePackage('akonadi', '1.1.2-0ubuntu1~jaunty1').pull()
Public key not found, could not verify signature
Checksum for akonadi_1.1.2.orig.tar.gz does not match.
>>>

> I suggest you wait to see Colin's patch

there should be a way to disable the checksum checking, whether we tie it into verify_signature or use a separate parameter, regardless of any other patch. updated MR creates --no-verify-checksums param to handle that.

@mapreri MR should be ready for your review and merge