We announce that The first version
2020.08 of pgp-keys-map has been released.
Now we can verify PGP signature of downloaded artifact, connected with proper key which was used for signature. So we have sure - we used correct unchanged artifact.
One more benefit which you have using our tools is checking signature of artifacts during each build, not only during artifact download from the remote repository to local.
We need help of any other people (the more the better) to build credible keys map, so your contribution is welcome.