docs: add security guidelines for library key verification and metadata

2026-03-22 22:03:01 +01:00
parent 057cbd6bb9
commit 7228da3a68
4 changed files with 1450 additions and 0 deletions
@@ -0,0 +1,3 @@
+After adding new libraries make sure to export the keys for monitoring. Verify that the keys match before using them tho.
+
+gradlew --write-verification-metadata pgp,sha256 --export-keys