Comment 7 for bug 1860456

> I've seen such packages uploaded last year too

that's unfortunate and quite bad.

> And a flag such as `--no-verify-checksums` sounds a very bad idea to have to me.

ok i removed that patch; the MR still resolves this bug.