Store the pkgid (SIGMD5) of the source rpm in a tag in the binary .rpm (SOURCESIGMD5 or something), so we can verify whether a particular binary .rpm came from a particular .src.rpm. -- Elliot Take a lesson from the whale; the only time he gets speared is when he raises to spout.
RPMTAG_SOURCEPKGID added to binary packages headers in rpm-4.2-0.34 when built. Note that value is RPM_BIN_TYPE if accessing from bindings.