> I think that makes it really tricky with ordering (is it applying to the next
> source or the previous one? and what if there are conditionals around source
> lines?). imho really not very intuitive as it is very context dependent.
Currentpy you can use:
```spec
Source: file1
Source: file2
.
.
```
and rpm automatically numbers those Source internally.
So in above scenario ..
```spec
Source: file1
Source: file2
SourceCSum: sha256://<checksum1>
SourceCSum: sha256://<checksum2>
```
Would be instantly equivalent of:
```spec
Source0: file1
Source1: file2
SourceCSum0: sha256://<checksum1>
SourceCSum1: sha256://<checksum2>
```
Using `<csum_algh>://<checksum>` could allow as well use for example something
like `github://verified` which could retrieve verified sign out of
released/tagged Source: (and Patch:) archives (patches generated out of
commits) as well.
https://docs.github.com/en/authentication/troubleshooting-commit-signature-verification/checking-your-commit-and-tag-signature-verification-status
--
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/463#issuecomment-1635700929
You are receiving this because you are subscribed to this thread.
Message ID: <rpm-software-management/rpm/issues/463/1635700...@github.com>
_______________________________________________
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint
