On Wed, 10 Mar 2004 14:55:26 -0500, Erik LaBianca wrote:

> I'd say we should just make a format that we expect .src.rpm and md5sum
> announcements in, and ask people to conform to that. I think quick and
> effective QA will be sufficient incentive.

For average size packages, MD5 checksums and GPG signatures are not
needed at all. The included tarball and maybe 1-2 patches can and must
be verified. Signatures get important for large packages, which include
lots of patches, for instance.