One artifact failed verification: gradle-git-version-3.0.0.pom (com.palantir.gradle.gitversion:gradle-git-version:3.0.0) from repository gradle
This can indicate that a dependency has been compromised. Please carefully verify the signatures and checksums.
The artifact was signed with key bf3a87d91b70be32cad64a2645d0caa6d26b0f7d (Open Source <opensource@palantir.com>) but the signature didn't match
Bump, if anyone knows a contact email for someone who can actually fix the issue with invalid signatures on maven metadata in releases that would be nice.