David Davis

> I'm fine if we want to go down the route of adding a field for the original pkgId (and we'll probably also need to add a field for the...

Here's the PR: https://github.com/pulp/pulpcore/pull/6245 We have a blog post too: https://pulpproject.org/blog/2025/03/11/checkpoint-support---a-journey-towards-predictable-and-consistent-deployments/

We are impacted by this as well: https://github.com/microsoft/linux-package-repositories/issues/280 We're on pulpcore 3.88.0 and pulp-rpm 3.32.2.

Sorry, the pulp-rpm version we're actually using is 3.32.5 not 3.32.2.

@nopslider we (the PMC team) maintain packages.microsoft.com but we don't build or publish packages. We've forwarded this issue internally to the package owners but as @Klaas- mentions, your best is...

@junmingsg the PMC team maintains the infrastructure for packages.microsoft.com but we don't publish packages to it. The Azure Arc team would have to answer that question. We've forwarded this issue...

@Klaas- that's exactly what we strongly advise to publishers: never to delete packages. The functionality to delete packages predates me but we've talked about possibly removing or restricting it.

If we can add metadata_signing_fingerprint, then https://github.com/pulp/pulpcore/issues/6733 is no longer necessary (at least for us).

I brought this up at open floor. Here are my notes: * No obvious concerns with this * Will try to add this to pulp_deb as part of the work...

While we aren't responsible for publishing packages to packages.microsoft.com, I will look at how we can pass this message along to product teams at Microsoft. In the meantime, I would...