by javagram 2553 days ago
Manual tagging is the best way for most projects to do stuff like sign the package using an offline hardware key.

Putting your keys on CI makes you vulnerable to your CI being hacked, which anecdotally seems to have happened to several projects.