It has now been more than a year since kernel.org was compromised. The
homepage still does not work.
The format of Vcs-Bzr was recently standardized, although not in detail.
Policy now says this:
Vcs-Arch, Vcs-Bzr (Bazaar), Vcs-Cvs, Vcs-Darcs, Vcs-Git, Vcs-Hg
(Mercurial), Vcs-Mtn (Monotone), Vcs-Svn (Subversion)
The field name identifies the VCS. The field's value uses the
version control system's conventional syntax for describing
repository locations and should be sufficient to locate the
repository used for packaging. Ideally, it also locates the branch
used for development of new versions of the Debian package.
In the case of Git, the value consists of a URL, optionally
followed by the word -b and the name of a branch in the indicated
repository, following the syntax of the git clone command. If no
branch is specified, the packaging should be on the default branch.
More than one different VCS may be specified for the same package.
I do not know Bzr but I believe that the Vcs-Bzr value of pcmciautils is
valid. This means the problem is on the PTS. There is a similar bug
reported for Vcs-CVS:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=561228
I hope someone will review the situation for all the fields above.