[ https://issues.apache.org/jira/browse/MGPG-97?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17717319#comment-17717319 ]
ASF GitHub Bot commented on MGPG-97: ------------------------------------ slawekjaranowski commented on code in PR #48: URL: https://github.com/apache/maven-gpg-plugin/pull/48#discussion_r1179503624 ########## pom.xml: ########## @@ -194,6 +194,14 @@ under the License. <artifactId>maven-invoker-plugin</artifactId> <version>3.5.1</version> </plugin> + <plugin> + <groupId>org.simplify4u.plugins</groupId> + <artifactId>pgpverify-maven-plugin</artifactId> + <version>1.11.0</version> Review Comment: There is 1.17.0 > add pgpverify check to the build > -------------------------------- > > Key: MGPG-97 > URL: https://issues.apache.org/jira/browse/MGPG-97 > Project: Maven GPG Plugin > Issue Type: Improvement > Affects Versions: 3.0.1 > Reporter: Herve Boutemy > Assignee: Herve Boutemy > Priority: Major > Fix For: 3.1.0 > > > signing is useful only if signature checks are done > let's apply this best practice to maven-gpg-plugin itself -- This message was sent by Atlassian Jira (v8.20.10#820010)