Hacker News
by
jbaruch_s
4339 days ago
That's very true. That's why Bintray has both "web identity verification" and PGP signing, while Maven Central gives you signing only, without a way to really identify the author.
1 comments
brianefox
4339 days ago
Fwiw, Bintray requires the private key and passphrase to do the signing. This isn't really proper key handling and has been pointed out before.
jbaruch_s
4334 days ago
Brian, how ignorant of you (again). The docs on signing are public, you could read before spreading FUD.