CPE-Parser

Publish PGP key ID.

Open silnith opened this issue 2 years ago • 0 comments

Maven Central requires all published artifacts to be signed using PGP. If a publisher provides their key ID to PGP keys map then end users can use the Verify PGP signatures plugin to validate that the artifact has not been altered or replaced as part of a supply-chain attack.

silnith, Oct 15 '21 01:10