Y
Hacker News
new
|
ask
|
show
|
jobs
by
exabrial
499 days ago
We use
https://www.simplify4u.org/pgpverify-maven-plugin
and a private PGP signing key allowlist, bound to an artifact namespace. This immediately cuts down on unknown dependencies from creeping into our build.