Y
Hacker News
new
|
ask
|
show
|
jobs
by
pron
4139 days ago
Really? Impressive! Where do you get the public keys? Most projects hosted on Maven Central don't publish them on their website.
1 comments
teacup50
4138 days ago
http://blog.sonatype.com/2009/04/nexus-133-introduces-automa...
link
pron
4138 days ago
But unless the signers have a public certificate, or publish their public keys on their website (which you need to obtain manually), the signatures on Maven Central can be just as fake as the artifacts.
link