This one's for all cases when a live/VCS eclass is being used to fetch sources for a release/keyworded ebuild instead of a snapshot fetched via SRC_URI. Basic rationale: - VCS eclasses don't provide strong cryptographic checks like distfiles do, - VCS resources are less network- and space-efficient, and usually are not mirrored locally when distfiles are, - distfile fetching is less likely to be problematic on networks with traffic restrictions.
pkgcheck's had this fatal for quite a while and no instances in tree (and CI forbids it as a result of pkgcheck). A very, very long time in fact, but obviously wasn't used for CI back then: https://github.com/pkgcore/pkgcheck/commit/592033724ef75017d88e045c6b410d125c73d3da.