Böck: Multiple vulnerabilities in RPM – and a rant

One of the design principles of dpkg from the beginning, and still standing, is that any broken dpkg system should be recoverable with very basic "standard" UNIX tools, such as ar/tar/gzip/xz/etc and $EDITOR (for at least the .debs, its contents, and all dpkg databases). So if you need a workaround, well you already have it, just edit the database away. Of course I'd very strongly discourage this, in the same way I'd discourage using any of the --force options (in different levels of strength), as using those is in general just wrong, but it might be necessary at some point, and it's "supported" by design, even though you are on your own, then. Would having a specific --force option be more convenient, sure. Is it necessary to perform those workarounds, no.