Can one supply a different SHA-256 checksum for a package download mirror than for its main download? For example, the main ‘download’ could be an uncompressed Mercurial repository clone/checkout, while its mirror could be a ‘.tar.gz’ archive.
Additionally, could a formula with multiple package download mirrors have a different checksum for each of them?
The idea is that a mirror is exactly the same file. If it does turn out to be different I’d consider that an issue with the mirror.
If you use a version control system as download point that might be better fitted for a devel block though.