I've just updated the download page of GNUMP3d to mention that I'll be GPG signing all future releases - rather than simply listing MD5sums.
It's a good thing for me to be doing, especially now I've taken the decision to sign all my outgoing emails. This I've done because I know a large proportion of people I mail use GPG/PGP, and I'm applying to become a Debian project member - which will hopefully spread my key further into the wild.
The thing that made me do this is the recent bitchx server compromise. I'd hate to leave people open to a compromised version of the server.
In other news the development is going well, more autoconfiscation is happening thanks to this online autoconf / automake book. I really think that I'm beginning to get the hang of it. (If you're using autoconf you should probably checkout the GNU Autoconf macro archive.