I just tested pgpverify-maven-plugin on maven-artifact-plugin .
I was successful, really nice.
From that experience, I have some questions on the keys map file:
1. is there a way to ease the creation of the file content?
currently, I had to copy paste output, check that I trusted the keys (which of course can't be automated), and then had to do a lot of modifications to match the properties file format. Would it be possible to have a default output that matches properties format, so reviewing and injecting content would be easier?
2. I also tested on a multi-module project (like maven-archetype-bundles), and I could not configure the plugin to use one single keys map for the whole build: creating 1 file per module is really cumbersome.
Did you imagine a way to share the same map file in a multi-module build?
This plugin is really nice, the hard part is about writing keys map file...