Gradle Plugin Portal allows publishing plugins with PGP signatures for quite some time now (since com.gradle.plugin-publish version 1.0.0). PGP signatures make it easier to verify dependencies.
org.checkerframework:checkerframework-gradle-plugin:0.6.26 is published without a PGP signature.
Gradle Plugin Portal allows publishing plugins with PGP signatures for quite some time now (since
com.gradle.plugin-publish
version1.0.0
). PGP signatures make it easier to verify dependencies.org.checkerframework:checkerframework-gradle-plugin:0.6.26
is published without a PGP signature.See https://docs.gradle.org/current/userguide/publishing_gradle_plugins.html#sign_artifacts