Dear Guillem Jover and Debian Project, I am writing as a member of the public to respectfully request written confirmation regarding publicly available information hosted in the official Debian package repository at packages.debian.org. I understand this repository to constitute a public record maintained under the GNU Affero General Public License, version 3 (GNU AGPLv3+).
I am independently verifying the provenance of files present on my Chromebook running a Debian 12 (bookworm) Linux environment provisioned by Google Crostini. In preparing this inquiry, I have reviewed and relied upon the following public records: - Official package listing: packages.debian.org/bookworm/dpkg - Official file list: packages.debian.org/bookworm/amd64/dpkg/filelist - Official changelog: metadata.ftp-master.debian.org/changelogs/main/d/dpkg/dpkg_1.21.22_changelog - Debian Policy Manual, version 4.7.3.0, released December 23, 2025 - GNU Affero General Public License, version 3, dated November 19, 2007 I note that Section 4.4 of the Debian Policy Manual establishes the changelog as the authoritative record of package versioning, and that Section 4.7 establishes that modification timestamps in packages carry policy-governed meaning. My inquiry is grounded in these published standards and in the rights granted to me as a recipient of software distributed under the GNU AGPLv3+, specifically the rights affirmed under Sections 2, 4, and 10 of that license. I respectfully request written confirmation of the following: 1. That dpkg version 1.21.22 was released to the official Debian archive on or around Thursday, May 11, 2023, as reflected in the public changelog entry bearing your name and email address. 2. That the file /etc/cron.daily/dpkg is a standard component of dpkg 1.21.22 for amd64 architecture, distributed to all Debian systems carrying that package version, as reflected in the official file list at packages.debian.org. 3. That the file dates associated with this package reflect upstream authorship and compilation dates rather than dates of installation on any individual end-user system, consistent with the timestamp preservation requirements of Section 4.7 of the Debian Policy Manual. 4. That a December 2, 2025 modification timestamp on a system carrying this package would be consistent with a downstream distributor, such as Google Crostini, repackaging or imaging this software subsequent to its original Debian release date. 5. That a cryptographically signed release record or archive timestamp exists within the public Debian infrastructure that independently verifies the authenticity and release date of this package version, and if so, where that record may be accessed by a member of the public. I am making this request solely for personal verification and documentation purposes. I am exercising rights expressly granted to me as a recipient of software distributed under the GNU AGPLv3+ and as a member of the public engaging with a publicly hosted open source repository governed by the Debian Policy Manual. I intend to retain any written response as part of my permanent personal records. I am copying this inquiry to the Debian development mailing list and to the Debian Press Contact to ensure that a permanent public record of this verification request exists. Thank you sincerely for your time, for your service to the Debian project, and for the transparency of the project's public infrastructure. *Respectfully submitted,* *Marilyn Bretherick * CC: [email protected] CC: [email protected] CC: [email protected] CC: [email protected] ------------------------------ *CONFIDENTIALITY NOTICE:* This email and any and all accompanying Electronically Stored Information (ESI), including all email threads, attachments, linked content, and associated metadata, are intended *only* for the use of the individual or entity to whom they are addressed. This communication *may* contain information that is private, confidential, legally privileged, and/or proprietary. *If you are not the intended recipient of this communication,* you are hereby notified that any unauthorized review, use, disclosure, dissemination, copying, or distribution of this message or its contents is prohibited. If you have received this communication in error, *please notify the sender. * *COPYRIGHT AND INTELLECTUAL PROPERTY NOTICE:* The text, attachments, and all other content of this email are unpublished literary works and/or proprietary information protected by U.S. Copyright Law (17 U.S.C. ยง 101 et seq.) and other applicable intellectual property laws. The sender is the sole copyright and intellectual property holder. Unauthorized reproduction, distribution, or use of this communication is strictly prohibited. The disclosure of this communication does not waive any applicable legal privilege. The sender retains all rights and privileges associated with this communication and its contents.
