Mention JAR signing key in SECURITY.md

This commit adds a link to the now published information on spring.io about the GPG key used to sign the Spring artifacts published on Maven Central. Closes spring-projectsgh-23434
stsypanov · Mar 17, 2023 · 46bd6ad · 46bd6ad
1 parent 19384ac
commit 46bd6ad
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/SECURITY.md b/SECURITY.md
@@ -1,5 +1,10 @@
 # Security Policy
 
+## JAR signing
+
+Spring Framework JARs released on Maven Central are signed.
+You'll find more information about the key here: https://spring.io/GPG-KEY-spring.txt
+
 ## Supported Versions
 
 Please see the