Releases: WrenSecurity/pgpverify-maven-plugin
Release 1.3.0-wren3
New Feature from Upstream: Allow PGP key requests to automatically retry failed requests up to 10 times when target PGP server is temporarily unavailable (s4u#34).
Release 1.3.0-wren2
Includes additional reactor dependency fixes from s4u#33. This is needed so that large Wren projects (e.g. Wren:IDM) can properly build without requiring the current reactor build to be signed.
Release 1.3.0-wren1
- Breaking Change from Upstream: Note that group ID has changed from com.github.s4u.plugins to org.simplify4u.plugins. Artifact ID is now org.simplify4u.plugins:pgpverify-maven-plugin:1.3.0-wren1.
- New Feature from Upstream: Allow reactor dependencies to be skipped without skipping PGP verification for other dependencies, for cases in which the current build is unsigned (s4u#29).
- Wren Specific Enhancement: Adds GPG signing for the artifacts of PGPVerify. The plug-in can't automatically verify its own JAR signature -- since it does not yet verify plug-ins, and there's no guarantee that its own signature check is valid if the plug-in was actually compromised -- but at least we can manually verify whether a given copy of the plug-in matches our signature.
Release 1.2.0-wren1
Includes fixes for the following upstream issues:
- s4u#10: Use HKPS as default protocol for SKS keyservers
- s4u#11: Add options to control warning/errors on weak signature
- s4u#15: Failure to locate signed POM always fails if verifying POMs
- s4u#21: Add options for verifying SNAPSHOT, provided, and system deps
- s4u#22: wrong filename used for artifacts of type "test-jar"
- s4u#25: Process the keys map in the order it appears