Getting the whitelist from git seems difficult and error prone. Maybe
would be simpler to put it in the SRPM instead? That way, you would only
have to unpack the matching SRPM and wouldn't have to access the git
repo at all.
Adding the whitelist file as a SourceXX would make sure it's included
in the SRPM.
Thanks, Kalev, that is a very good idea. It has some pros and cons, as everything.
We'll definitely think about this approach.
Regardless of what we do with whitelists, we'll still have some use cases where
relying on the dist tag could improve our life, though :) Here's the most recent