Open Nek-12 opened 5 months ago
All artifacts are signed. I believe the PGP key is only uploaded to a single public repository though. My recollection (this is from years ago) is that it's the keyserver.ubuntu.com repo though, so I'm a little confused.
Gradle does not use Ubuntu keyserver by default, so multiple have to be used.
https://blog.oversecured.com/Introducing-MavenGate-a-supply-chain-attack-method-for-Java-and-Android-applications/
Gradle task
did not find a pgp public key in a remote repository or the artifact is not signed. A fix is to: