Possible to sign or release a checksum alongside release?

[ropnop]

Hello - it would be beneficial for us to verify the JAR after downloading it in our pipelines. Could you release a checksum or (even better) sign the JAR and let us verify it with a public key? That way we could verify it after downloading in a pipeline but before executing it. Thanks

[SenuraMalaka]

The checksums are posted in here for each release.

[annarozin]

please see @SenuraMalaka answer