fedora-rpmdevtools (was RE: spectool-1.0.2)

[Michael Schwendt]

On Wed, 10 Mar 2004 14:55:26 -0500, Erik LaBianca wrote:

> I'd say we should just make a format that we expect .src.rpm and md5sum
> announcements in, and ask people to conform to that. I think quick and
> effective QA will be sufficient incentive.

For average size packages, MD5 checksums and GPG signatures are not
needed at all. The included tarball and maybe 1-2 patches can and must be
verified. Signatures get important for large packages, which include lots
of patches, for instance.

--