- We need to grow some digest (and why not external signature as well)
validation mechanism before we can let rpmbuild download + execute
arbitrary content from the internet, at least by default.
%_binaries_in_noarch_packages_terminate_build 1
#
+# Should rpm try to download missing sources at build-time?
+# Enabling this is dangerous as long as rpm has no means to validate
+# the integrity of the download with a digest or signature.
+%_disable_source_fetch 1
+
+#
# Program to call for each successfully built and written binary package.
# The package name is passed to the program as a command-line argument.
#