For example the library openssl provides security updates for time to time, essentially deprecating earlier versions of the package. How should this be handled in spec files? One straightforward approach would be to remove the checksums for this version (and adding a comment into the spec file).