Comment 2 for bug 1286542

From IRC:

<stgraber> barry: so the trick with keyring-<hash>.tar.xz is that it is
           constent BUT included in all delta updates
<stgraber> barry: that's required for the corner case where a delta update of
           the ubuntu rootfs overwrites a file that's usually part of the
           keyring tarball
<stgraber> barry: so yeah, keyring-<hash>.tar.xz is a bit special because it's
           inclued in all full images AND all delta images. Obviously if your
           update path includes multiple delta images, it'll be in your
           download list multiple times. [14:59]
<stgraber> barry: right, so I can guarantee that I'll never give you the same
           filename with two different content [15:00]
<stgraber> that's the trick we do so porters don't have to repack the whole
           Ubuntu rootfs for their port and can just use the one from the
           public server

The only sane semantics then are to treat files with the same name as identical, put them in a set, and only download each instance of the file once. However, if the hash is given, complain if they are not the same. Also complain if the source url is not identical.