It appears that %defattr is only needed on EL-4 at this point. More recent rpms (rpm-4.4.x) add a default %defattr line if none is present in the rpm %files section. So we can remove the need for %defattr to be present in the Guidelines.
scop tested the attached spec file with the following results:
Fedora 14 (rpm 4.8.1): /root/foo owned by root:root
CentOS 5.5 (rpm 220.127.116.11): /root/foo owned by root:root
CentOS 4.9 (rpm 4.3.3): /root/foo owned by $nonroot:$nonroot
The two main places to change are:
MUST: Permissions on files must be set properly. Executables should be set with executable permissions, for example. Every %files section must include a %defattr(...) line. 
However, there's numerous other places where %defattr is specified that we can cleanup. Google search that shows those locations:
Sample spec to show %defattr is now optional
I'm definitely +1 to getting rid of stuff we don't need.
Note also that rpmlint will need an update to not emit the files-attr-not-set complaint (at least with the fedora and el5 configs). Should be pretty trivial.
Since I won't be here next week, I'll +1 this right now as well.
Approved (+1:8, 0:0, -1:0)
In the past (pre rpm 4.4), it was necessary to have a %defattr section at the beginning of each %files section, but this is now the default and no longer necessary to explicitly include.
The guidelines have been updated in numerous places to remove references to hard-coded %defattr sections.
Metadata Update from @tibbs:
- Issue assigned to spot
to comment on this ticket.