Please publish the list of the official release PGP keys #274
Description
The idea is project page should provide clear steps to verify if the release is official.
I'm afraid I've no standard way of doing that, however, it would be nice if you could mention the official PGP key ids in the Download section.
Note: current hamcrest.org website is not available via HTTPS, so either HTTPS should be enabled first or KEYS file should be published to GitHub repository.
See also spring-projects/spring-framework#23434 (comment)
See also https://gitlab.ow2.org/asm/asm/issues/317884
See also junit-team/junit-framework#2020
Sample implementation for Apache JMeter: https://jmeter.apache.org/download_jmeter.cgi As you see, it refers KEYS file and links to the page with gpg commands to verify the signatures.
PS. I don't really expect that everybody would start verifying their downloads, however making the official key ID publicly available would help for automated verifications as well.