Philippe>An additional question, can you confirm that libraries that were not signed Philippe>with PGP key can still be used ?
Yes. There's always an option to use "SHA only" even if PGP signature is present. As of now, Gradle Plugin Portal forbids publishing of `.asc` signatures (for unknown reason), so virtually all Gradle plugins come without PGP. Philippe>For those, we rely on SHA right ? You are right, those are verified with SHA-512. The only forbidden case is to omit both SHA and PGP. So there should be at least something. Vladimir
