Hacker News
by rho138 663 days ago
Are packages cryptographically signed by the actual package maintainer or only with the repo owner's key?
1 comments
erikvanoosten 663 days ago
As package maintainer you are required to sign the packages with a PGP key. Maven Central also requires that you upload that PGP key (the public part only of course) to one of a few well-known key servers.