|
|
|
|
|
|
by exabrial
2907 days ago
|
|
|
This might be a little advanced, but I'm writing a Maven plugin that verifies pgp signatures on your artifacts going into your build. The motivation for me was that almost no one checks signatures! We all should be doing that to prevent hostile bytecode from getting into our systems. So this plugin automatically does it :) I could use some assistance writing unit tests and hacking on missing features. https://github.com/exabrial/pgp-signature-check-plugin |
|
|
But thanks anyway for your response!