[slf4j-user] Signatures for verifying Slf4j

Ceki ceki at qos.ch
Thu Jul 8 14:42:16 CEST 2021


Hi Elisha,


All SLF4J artifacts published on Maven central are signed. For each
artifact, there is an associated signature file with the
".asc" suffix.

To verify the signature use the key found at

www.slf4j.org/public-keys/ceki-public-key.pgp. It has the
following fingerprint:

pub   2048R/A511E325 2012-04-26
Key fingerprint = 475F 3B8E 59E6 E63A A780  6748 2C7B 12F2 A511 E325
uid   Ceki Gulcu <ceki at qos.ch>
sub   2048R/7FBFA159 2012-04-26

See gnupg documentation on how to verify signatures.

Best regards,

--
Ceki Gülcü

On 07.05.2010 09:26, Elisha Ebenezer wrote:
> Hi Ceki,
> I'm trying to push to use Slf4j and logback in our project and my 
> company wants me to get the MD5 or SHA1 hashes or the code-signing certs 
> to verify the integrity of downloaded files.
> 
> Though repo1.maven.org <http://repo1.maven.org> site provides the 
> hashes, we are not sure whether the war and the hash are uploaded by 
> genuine party or not.
> 
> As you are the owner of the project, I request you to kindly publish the 
> hashes or certs on website's download page.. which can be cross-checked 
> with the downloaded war and/or also with the maven repository.
> 
> Kindly do the needful and oblige.
> 
> Thanks,
> Elisha Ebenezer.




More information about the slf4j-user mailing list