Signed source packages

Does the source package (i.e. the tar.gz from upstream) has to be signed by the developer?