Skip to content

Commit 848061e

Browse files
AB-xdevAB-xdev
committed
Update README.md
1 parent ab07835 commit 848061e

1 file changed

Lines changed: 26 additions & 0 deletions

File tree

README.md

Lines changed: 26 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -59,3 +59,29 @@ This is impossible to manage and also massively degrades performance.
5959
Can be published into the repo but will be automatically deleted after a few days.
6060

6161
[![Snapshot Cleanup](https://github.com/xdev-software/central/actions/workflows/snapshot-cleanup.yml/badge.svg)](https://github.com/xdev-software/central/actions/workflows/snapshot-cleanup.yml)
62+
63+
#### Are the artifacts cryptographically signed?
64+
65+
_Last updated: 2025-09_
66+
67+
Yes, all artifacts should be signed with
68+
```
69+
-----BEGIN PGP PUBLIC KEY BLOCK-----
70+
71+
mDMEYanFmRYJKwYBBAHaRw8BAQdAwe6KCL97lXybaEP0YmvILxEra1NKqUy6MPyJ
72+
1YslrwK0JVhERVYgU29mdHdhcmUgPGluZm9AeGRldi1zb2Z0d2FyZS5kZT6IkAQT
73+
FggAOAIbAwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgBYhBByUKHSrxufW8XAY4hTr
74+
jkjDgOqqBQJlX1QbAAoJEBTrjkjDgOqqKrwBAJ+eAxW+JyUiD1ctvAeYllJlbUk0
75+
d5O4DG93rrJNRnQNAQCEeDefKB1u/L3LuB9WSCHF7ferP+JZW2OMUHJq/QksB7g4
76+
BGGpxZkSCisGAQQBl1UBBQEBB0B4U6R9YDwjffS8fShj23blN4dV5lwKBEpKcpON
77+
I/yHTwMBCAeIfgQYFggAJgIbDBYhBByUKHSrxufW8XAY4hTrjkjDgOqqBQJlX1Yl
78+
BQkJlH6MAAoJEBTrjkjDgOqql1oA/jMFKPwyPK3AwatXa4pHEksSWIMRgvfn/wQ5
79+
myqQxdxKAP9Mm50oVv6ONXkVpxf6zG47HnUZEdKFvNT6HRH4LMiWBQ==
80+
=h0V/
81+
-----END PGP PUBLIC KEY BLOCK-----
82+
```
83+
84+
For example you can check the key used for signing artifacts using the [pgpverify-maven-plugin](https://github.com/s4u/pgpverify-maven-plugin):
85+
`mvn org.simplify4u.plugins:pgpverify-maven-plugin:show -Dartifact=software.xdev:<artifactId>:1.2.3`
86+
87+
Older releases (before 2022) might use different keys.

0 commit comments

Comments
 (0)