|
The Gradle signing plugin by default uses the Bouncycastle implementation of OpenPGP to sign artifacts, based on a signing key that is configured either via system properties specified in a gradle.properties file, or via environment variables.
The plugin can be configured with an alternate signatory. Create one that relies on the MongoDB notary service, and configure the Java driver to use it for all artifact signing.
The alternate signatory should be disabled by default so that third parties can publish versions of the releases to their own private repositories
|