Y
Hacker News
new
|
ask
|
show
|
jobs
by
pron
4138 days ago
But unless the signers have a public certificate, or publish their public keys on their website (which you need to obtain manually), the signatures on Maven Central can be just as fake as the artifacts.