minlog
minlog copied to clipboard
Published
20 hours ago •
EsotericSoftware
EsotericSoftware
Add key to PGP keys map
Maven Central requires all published artifacts to be signed using PGP. If a publisher provides their key ID to PGP keys map then end users can use the Verify PGP signatures plugin to validate that the artifact has not been altered or replaced as part of a supply-chain attack.
