Publish PGP key ID.

Maven Central requires all published artifacts to be [signed using PGP](https://maven.apache.org/repository/guide-central-repository-upload.html#pgp-signature). If a publisher provides their key ID to [PGP keys map](https://github.com/s4u/pgp-keys-map) then end users can use the [Verify PGP signatures plugin](https://github.com/s4u/pgpverify-maven-plugin) to validate that the artifact has not been altered or replaced as part of a supply-chain attack.


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Publish PGP key ID. #53

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Publish PGP key ID. #53

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions