from anonymous - 'I'd want to have smarter checks that understand the composition of our software too though. For example, every RPM manifest should have an SRPM package and a set of binary, arch-specific RPMs that are generated from that SRPM. That can't be checked by just validating certain fields exists but understanding the overall structure.'
having these grouped into declarative rulesets (ex.redhat, debian) might be handy
from anonymous - 'I'd want to have smarter checks that understand the composition of our software too though. For example, every RPM manifest should have an SRPM package and a set of binary, arch-specific RPMs that are generated from that SRPM. That can't be checked by just validating certain fields exists but understanding the overall structure.'
having these grouped into declarative rulesets (ex.redhat, debian) might be handy