Dedicated goal to check public key used for signing the attached *.asc files properly uploaded to public keyserver #75
Labels
enhancement
New feature or request.
Comments
kwin
changed the title
|
I was transferred issue from - |
|
I hope that Sonatype verifying deployed artifacts - whether they meet the requirements - if not should plugin can also be used for another case than signing for Maven Central - so goal must be optionally |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
As Sonatype requires each Maven artifact having the public key used for signing artifacts uploaded to some public keyserver (https://central.sonatype.org/publish/requirements/gpg/#distributing-your-public-key) it would be nice to check this requirement during the release of the project with a dedicated Maven plugin goal.
Not sure whether this goal would make more sense in this plugin or rather https://www.simplify4u.org/sign-maven-plugin/
The text was updated successfully, but these errors were encountered: