The patch is not integrated because the bias in the existing test
cases that did not detect this flaw needs to be addressed.
The patch isn't forgotten and will be integrated as part of MANDATORY
signature checking. Meanwhile there has been little interest
in forward progress since February.
In fact "LSB package format" adoption and revisiting header+payload
signatures re-re-re-adding header+payload signatures hasn't started,
and so I haven't added this patch.
The patch is not integrated because the bias in the existing test
cases that did not detect this flaw needs to be addressed.
The patch isn't forgotten and will be integrated as part of MANDATORY
signature checking. Meanwhile there has been little interest
in forward progress since February.
In fact "LSB package format" adoption and revisiting header+payload
signatures re-re-re-adding header+payload signatures hasn't started,
and so I haven't added this patch.