And we need policies and process around key storage, rotation, etc.
Taking the config out of the build now; to be put back when we can address comprehensively. This isn't something we can do prior to full procedures in place, as signing has to have excellent controls and clear verification to consumers.
Not actually being signed now.
And we need policies and process around key storage, rotation, etc.
Taking the config out of the build now; to be put back when we can address comprehensively. This isn't something we can do prior to full procedures in place, as signing has to have excellent controls and clear verification to consumers.
Configs to inspect:
release-publish-tbd-artifactory.yml
and in the
Release and Publish to TBD Artifactory
element where we domvn deploy
:pom.xml
When put back, will also need to go into
publish-maven-central.yml
.