diff --git a/hplip-3.13.3.tar.gz.asc b/hplip-3.13.3.tar.gz.asc
new file mode 100644
index 0000000..60b214e
--- /dev/null
+++ b/hplip-3.13.3.tar.gz.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.11 (GNU/Linux)
+
+iEYEABECAAYFAlE5kPoACgkQc9dwzaWQR7m4mwCfbJgo3GNIBg7Dmkcm7jLmmbfE
+Uu0An0u9w+hysqpgGz6Qd4jjQoIhpo2c
+=/sA6
+-----END PGP SIGNATURE-----
diff --git a/hplip.changes b/hplip.changes
index 0b0f011..fb020b9 100644
--- a/hplip.changes
+++ b/hplip.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Thu Mar 14 15:13:09 UTC 2013 - meissner@suse.com
+
+- use URLs in Source tags
+- added gpg signature checking to %prep.
+
 -------------------------------------------------------------------
 Tue Mar 12 11:23:11 CET 2013 - jsmeix@suse.de
 
diff --git a/hplip.keyring b/hplip.keyring
new file mode 100644
index 0000000..df273ad
--- /dev/null
+++ b/hplip.keyring
@@ -0,0 +1,39 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v2.0.18 (GNU/Linux)
+
+mQGiBEsnpscRBACyclffkMVkXXdtY2qTT2+B6HN4hBoUxBwZBULyHFuSP9lsB7wK
+16Hl5ZTu+oy+GegzzFRrHWxBLN9i67T0plNkqDJhWUrmXR7xvX+dFc+Qrl+uPR0i
+CY1NMnWwnFh01YtYb9NAlb3bLn8RLBH8Zo60i7wfwdW9Wi1mgzmUT/UI9wCg7y6R
+VmF4RjNWJ2WRdL/jVeAB8H0D/0xfePoYWrSGzOp7+Vl+xYo5TdSrzohUUnly6xla
+UIKwlBCG/jpQqKH17803GpkFyh5FxG1Db7VWsciDv7flcBLPtn75gU2fPHXL+gnv
+r1eJ+ugQwCl4/8d4iJ5TMXmHQOW2Pd0U47OmbZYNNgtA+lXhF8n8+6w3GRhqubLF
+/9b/A/4wH37bv1shLhdLpP+9WYHc8z9+jmStVUFdAGoD/n6vOpBX+GQYaEY5Y8RS
+Wf0DFhMF6CFYNZ2ngDyvPt53M2jU7hrxXIfs/b5bLMqG2et9M/avdEWGUKTsC7wu
+0zeGtD07r9EA3WDIhxN9QEGZAq5Q3NSbedMHIVE4Ynq7VNCdsrQ0SFBMSVAgKEhQ
+IExpbnV4IEltYWdpbmcgYW5kIFByaW50aW5nKSA8aHBsaXBAaHAuY29tPohgBBMR
+AgAgBQJLJ6bHAhsDBgsJCAcDAgQVAggDBBYCAwECHgECF4AACgkQc9dwzaWQR7n4
+dQCghZgIpxuTC+GhiQIO0dK9wTlbMmoAoOB252fEOvf73v8Ya8qmN1GlmYiXiJwE
+EAECAAYFAk7UORAACgkQnsV5kCcUcIjUuAP8D2rK0KZyA0uHyap2BkF5U4wm6qQ3
+p27K0hh50dZMIMSt3FH0TpW994jaoqBKqrHBk3U+/ZT4tD43hmaqc+XmnYNrNMRO
+KBwkjEzKeKaOBXd1I5Tid0I2u1L6bl5IlQzujbWsn/5YbWypLlZhf3Hxg8uuHYu9
+kiQLYM4jqIi0YgSJARwEEAECAAYFAk3NP24ACgkQd7E6jROY7coc8Af8DYe87G2u
+OSSPGkebecci11oTX9mudvDCQkuTFBcGPlMnPl6bn5QcMjBxuAm2TO0mYlR0QcPU
+vQ+tNypw4AZGfsgnvG1EsxSfTgiR6tD2KdIZD8GJw/GudmtUgF3sZkw1txLkk57u
+YufHc9u56oMvntAaU7nisosE1rdqON9fLf+tqvMcrX2+8tDHobfimltC+J+F5dyx
+Cnef+zB9/+dzAAjiunicNZ35zv9tKBh83kECPUpScpHjrXxAqdSHrNlnjGZdmiFB
+0luSbPCIF8sYyLYb5W+Sw1t7WsZ1XRgq67gTV8Vw2o9jw10a/vclwFHeVEtius6g
+Cj0CwkJ1uRuiLrkCDQRLJ6bHEAgAhDv8Ifl/QKaJONb5/qm8uWC70rlzXLm9YlUp
+bAcr/tvCkG271wzT4Sz/cHTvQ5s3yBsGq49Li7Z9IfVFk5xKV0mdGyiZwmHOxmaV
+L3DcoyLkrOvYStqy3d/DEm9YaAWiAi42REVIXvmRsJce87wCIIY/rLNbncKXOj3H
+TzWopqfnJPf/nkqYqwWbFkQxMmGfK9E84dLwjGRtwCWb5uN/YLM3uSJrwLfsRZbm
+EQhzAJF2mIplwIqR3R7naruQdfyjad5EXOvKQ8P5MxUieGxHUlv90LuYCcW+MvVw
+0zIqchbdWGaz+LGCTRDAIyJZZzB6kLCuHn3TWPyUpPdsBI5jfwAECwf+Nl+UUqw0
+HPZP9kXYG0VED1wFxWEckgzLeF32kDQGIlNp0NbYcSbi8xS56fFbpszA+LZrJgTZ
+mnFRUwDCclma7punj3b8nM0gRtHvuLentmAhnQPIX8SWDRwhBNIujSOxQrtjjw6o
+FyrMlYqpe73IUAAINzeCCwZXKDvOiTgm7oI/mI6fJiNrc8NqNxhGS4Bzw/rexAhZ
+ngekMqR9Nglxk7EzUOqrffc6/Orq1fE2t/UNAOqVVfNX5F2hiINXi1+ywhOYOJVf
+Q/xuil2FmI7txAc/7XmUcqxNwayjOzBKlVHIAcIyLMATw3yRVvh+gezGvUbE9Hny
+YHq7nO9dmenM7YhJBBgRAgAJBQJLJ6bHAhsMAAoJEHPXcM2lkEe5pLMAnA/kDShH
+CzfV5loZcyX8M41tzSYDAJ4jUTgQV69+3QpJmsE3GoCksIYlMQ==
+=lgaV
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/hplip.spec b/hplip.spec
index 54b6e88..6c1a2b3 100644
--- a/hplip.spec
+++ b/hplip.spec
@@ -69,7 +69,9 @@ Url:            http://hplipopensource.com
 # For example: /usr/bin/gpg --keyserver pgp.mit.edu --recv-keys 0xA59047B9
 #              /usr/bin/gpg --verify hplip-3.13.3.tar.gz.asc hplip-3.13.3.tar.gz
 # must result: Good signature from "HPLIP (HP Linux Imaging and Printing) <hplip@hp.com>"
-Source0:        hplip-%{version}.tar.gz
+Source0:        http://prdownloads.sourceforge.net/hplip/hplip-%{version}.tar.gz
+Source1:        http://prdownloads.sourceforge.net/hplip/hplip-%{version}.tar.gz.asc
+Source2:        hplip.keyring
 # Patch0...Patch9 is for patches from HP:
 # Patch10...Patch99 is for Suse patches for the sources from HP:
 # Patch10 fixes "... is used uninitialized ..." warnings:
@@ -170,6 +172,11 @@ Obsoletes:      hplip3 < 3.9.5
 # Skip testing devel dependencies required by libtool .la files by the following comment:
 # skip-check-libtool-deps
 
+# starting with 12.3 we can do buildtime gpg signature checking of the tarball.
+%if 0%{?suse_version} > 1220
+BuildRequires:  gpg-offline
+%endif
+
 %description
 The Hewlett-Packard Linux Imaging and Printing project (HPLIP) provides
 a unified single and multifunction connectivity solution for HP
@@ -308,6 +315,10 @@ with the scan drivers in HPLIP for standard HP all-in-one printers.
 
 
 %prep
+# first thing is to verify the GPG signed tarball, starting with openSUSE 12.3.
+%if 0%{?suse_version} > 1220
+%gpg_verify %{S:1}
+%endif
 # Be quiet when unpacking:
 %setup -q
 # Patch10 fix-uninitialized-variables.diff