cmrockwell commented on pull request #51: URL: https://github.com/apache/sling-whiteboard/pull/51#issuecomment-623540975
Thanks for posting. Here is what the OpenSAML (Shibboleth) developers say about Maven Central.

https://wiki.shibboleth.net/confluence/display/DEV/Use+of+Maven+Central

> Maven itself has no support for validating signatures of artifacts (be they signed jars or jars with a detached PGP signature).... If other people aren't worried about the veracity of the artifacts they use that's on them

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at: us...@infra.apache.org