From 46bd6add15bb41163445e375908df33af2831b95 Mon Sep 17 00:00:00 2001
From: Brian Clozel <bclozel@vmware.com>
Date: Fri, 17 Mar 2023 22:30:49 +0100
Subject: [PATCH] Mention JAR signing key in SECURITY.md

This commit adds a link to the now published information on spring.io
about the GPG key used to sign the Spring artifacts published on Maven
Central.

Closes gh-23434
---
 SECURITY.md | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/SECURITY.md b/SECURITY.md
index 038a36b565..2a50f06bd5 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -1,5 +1,10 @@
 # Security Policy
 
+## JAR signing
+
+Spring Framework JARs released on Maven Central are signed.
+You'll find more information about the key here: https://spring.io/GPG-KEY-spring.txt
+
 ## Supported Versions
 
 Please see the