Mention JAR signing key in SECURITY.md

This commit adds a link to the now published information on spring.io about the GPG key used to sign the Spring artifacts published on Maven Central. Closes gh-23434
2023-03-17 22:30:49 +01:00 · 2023-03-17 22:30:49 +01:00 · 46bd6add15
parent 19384ac8ad
commit 46bd6add15
1 changed files with 5 additions and 0 deletions
--- a/SECURITY.md
+++ b/SECURITY.md
@ -1,5 +1,10 @@
 # Security Policy

+## JAR signing
+
+Spring Framework JARs released on Maven Central are signed.
+You'll find more information about the key here: https://spring.io/GPG-KEY-spring.txt
+
 ## Supported Versions

 Please see the