While it’s fairly easy to install software from source, it’s not much more work to build an RPM package, especially if the original source code is well-written and in a traditional tarball. The extra work will make it much easier to track, update, and remove the software installed on your system.
In order to build an RPM, you need to have the original source tarball plus a spec file, which provides most of the metadata for the RPM package and controls how the RPM is built—but before you build any packages, you should customize your RPM environment.
RPMs can be digitally signed by the packager. Although signing is an optional step, a signature indicates that the package is from a trusted source and provides a way of verifying that no one has tampered with it.
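The verification side of that claim, as an added example that is not part of the original text: `rpm -K` (`rpm --checksig`) reports OK for an unsigned package whose digests match, so a check that only looks for "OK" proves nothing about who built it. The helper name `classify_checksig` is hypothetical, and the sample lines are constructed on the assumption that `rpm -K` prints output in these two shapes (newer and older rpm releases).

```shell
#!/bin/sh
# Classify one line of `rpm -K` output.
# Prints one of: signed-ok | digest-only | failed | unknown
classify_checksig() {
    line=$1
    result=${line#*: }              # drop the "package.rpm: " prefix
    case "$result" in
        *"NOT OK"*) echo failed; return ;;   # bad digest, bad signature or missing key
        *" OK"|OK)  ;;                       # keep going: OK alone is not enough
        *)          echo unknown; return ;;
    esac
    # Assumption: a lower-case signature token means that check passed.
    # Digest-only tokens (digests, sha1, md5) are deliberately not accepted.
    for tok in $result; do
        case "$tok" in
            signatures|pgp|gpg|rsa|dsa) echo signed-ok; return ;;
        esac
    done
    echo digest-only                # intact, but nothing vouches for the source
}

# Constructed sample lines (not captured from a real system).
while IFS= read -r l; do
    printf '%-12s %s\n' "$(classify_checksig "$l")" "$l"
done <<'EOF'
hello-1.0-1.noarch.rpm: digests signatures OK
hello-1.0-1.noarch.rpm: digests OK
hello-1.0-1.noarch.rpm: digests SIGNATURES NOT OK
hello-1.0-1.noarch.rpm: (sha1) dsa sha1 md5 gpg OK
hello-1.0-1.noarch.rpm: sha1 md5 OK
EOF
```

Only `signed-ok` should be accepted by an install or mirror-sync script; `digest-only` means the file is intact but carries no signature at all.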
RPM signatures are generated using GNU Privacy Guard (gpg or gnupg), which can also be used to sign or encrypt email messages. If you have not created a gpg key, this is a great time to do so:
gpg --gen-key
gpg (GnuPG) 1.4.1; Copyright (C) 2005 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.
gpg: directory `/home/chris/.gnupg' created
gpg: new configuration file `/home/chris/.gnupg/gpg.conf' created
gpg: WARNING: options in `/home/chris/.gnupg/gpg.conf' are not yet active during this run
gpg: keyring `/home/chris/.gnupg/secring.gpg' ...