this post was submitted on 18 Oct 2023
1 points (100.0% liked)
Lisp
53 readers
3 users here now
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
You interpreted my response correctly at the time ... my mind was changed. :)
Nobody anywhere checks the signature (and if you try using the tools provided, you'll find out why), so signatures are largely security theater in maven world. This is bad, and we should do better. Hoping to eventually have time to work more on this, and have had some sidebars with Phil H about it.