Because a simple "touch" command can change the ctime/mtime on files, and thus lead to false changes (which could then trigger service or exec refreshes), there should be a way to specify a URI that contains an MD5sum or other checksum value for files that use http or https based sources.
Thank you for filing this issue. We agree it is likely an improvement, but due to other issues demanding precedence, we don’t anticipate being able to address this any time soon. If you are interested in submitting a patch to the repository for this project at https://github.com/puppetlabs, please open a pull request for this feature.
You can specify the checksum (type) and checksum_value, but there are issues being tracked in PUP-10368. It's unlikely we'll support a checksum_source that is on an HTTP server, as the checksum could be spoofed to match whatever the content is changed to. So I'm going to close this as won't do.
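The two points raised in this thread, shown as an added Python example (not Puppet code and not part of the original comments): a content checksum ignores timestamp-only changes, and a checksum served next to the file gives no assurance when the server's content is replaced, while a value pinned on the trusted side does. The in-memory `simulated_server`, the file name `app.conf` and all sample data are constructed assumptions.

```python
import hashlib
import hmac
import os
import tempfile

def digest(data: bytes, algo: str = "sha256") -> str:
    return hashlib.new(algo, data).hexdigest()

def matches_pinned(data: bytes, pinned_hex: str, algo: str = "sha256") -> bool:
    """Check content against a checksum kept with the manifest (trusted side)."""
    return hmac.compare_digest(digest(data, algo), pinned_hex.lower())

def matches_same_origin(server: dict, name: str, algo: str = "sha256") -> bool:
    """Check content against a checksum fetched from the same server as the file."""
    advertised = server[f"{name}.{algo}"].decode().split()[0]
    return hmac.compare_digest(digest(server[name], algo), advertised.lower())

def changed_after_touch(data: bytes) -> tuple:
    """Return (mtime_changed, checksum_changed) after bumping a file's timestamps."""
    with tempfile.NamedTemporaryFile(delete=False) as fh:
        fh.write(data)
        path = fh.name
    try:
        old_mtime = os.stat(path).st_mtime
        with open(path, "rb") as f:
            old_sum = digest(f.read())
        # Same effect as `touch`: timestamps move, bytes do not.
        os.utime(path, (old_mtime + 3600, old_mtime + 3600))
        with open(path, "rb") as f:
            new_sum = digest(f.read())
        return (os.stat(path).st_mtime != old_mtime, new_sum != old_sum)
    finally:
        os.unlink(path)

def simulated_server(content: bytes) -> dict:
    """Hypothetical HTTP server publishing a file and its .sha256 side by side."""
    line = f"{digest(content)}  app.conf\n".encode()
    return {"app.conf": content, "app.conf.sha256": line}

# Constructed sample data.
ORIGINAL = b"listen_port = 8080\n"
REPLACED = b"listen_port = 9999\n"   # content swapped on the server
PINNED = digest(ORIGINAL)            # value recorded on the trusted side

if __name__ == "__main__":
    print("touch (mtime changed, checksum changed):", changed_after_touch(ORIGINAL))
    swapped = simulated_server(REPLACED)
    print("same-origin check accepts swapped file:", matches_same_origin(swapped, "app.conf"))
    print("pinned check accepts swapped file:", matches_pinned(swapped["app.conf"], PINNED))
```
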