...
The current work has been done on the matter:
- Commons OpenPGP (used by Wagon)
- Wagon OpenPGP
The feature branch in Maven is:
Related JIRA issue(s): http://jira.codehaus.org/browse/MNG-2477
...
- one in the Maven installation (
$M2_HOME/conf/pubring.pgp, configured in the installation settings file) - one in the user's Maven directory (
$HOME/.m2/pubring.pgp, configured in the installation settings file) - others added to
settings.xml(see below)
The Maven installation will contain the keys of several well known individuals and repositories. Should a user not wish to accept this initial set of keys, they can simply remove the installation key ring and manually install keys they wish to trust. As described later, a trust store and automatic retrieval from a key server is not used, but is a future consideration.
...