From 4d8acda2f466f9170036eb82db092df06a49f903 Mon Sep 17 00:00:00 2001 From: Hamza REMMAL Date: Thu, 18 Jul 2024 13:23:49 +0200 Subject: [PATCH 1/2] Add PGP keys to /security --- security.md | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/security.md b/security.md index 8c55c2052..21c8f8090 100644 --- a/security.md +++ b/security.md 
@@ -12,11 +12,22 @@ Security announcements related to Scala are published to the ["Security Announce Messages to this channel can only be posted by administrators, so it is very low traffic. To set up email notifications for new security announcements, read [this post](https://users.scala-lang.org/t/about-the-security-announcements-category). +## Releases Integrity + +To ensure the integrity of all the releases, our organization uses [PGP](https://gnupg.org/) keys for cryptographic signing. +We provide below an **exhaustive** list of all the keys +used for signing the artifacts under the `org.scala-lang` namespace on [Maven Central](https://central.sonatype.com/namespace/org.scala-lang) + +| Fingerprint | Algorithm | Public Key | +|:-------------------------------------------------:|:---------:|:-----------------------------------------------------------------------------------------------------------------------:| +| 86DA 41A5 E169 9C9C EBE9 64A8 A905 2B1B 6D92 E560 | RSA-4096 | [Download Public Key](https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x86da41a5e1699c9cebe964a8a9052b1b6d92e560) | +| ACF3 9CCD ED38 E2C6 F089 8BF2 8F7F 6C04 5196 7B84 | RSA-4096 | [Download Public Key](https://keyserver.ubuntu.com/pks/lookup?op=get&search=0xacf39ccded38e2c6f0898bf28f7f6c0451967b84) | + ## Reporting Vulnerabilities We strongly encourage reporting security issues in Scala to us privately before disclosing them in public. -The email address for security related communication is `security@scala-lang.org`. +The email address for security related communication is [`security@scala-lang.org`](mailto:security@scala-lang.org). Messages are delivered to the Scala Security Team, which includes people from EPFL, the Scala Center, VirtusLab and Lightbend. We strive to acknowledge reports within 2 business days. From 5172b06a13d6ffe0e177ccb05ca6740f3f779f42 Mon Sep 17 00:00:00 2001 
From: Hamza REMMAL Date: Thu, 18 Jul 2024 14:36:04 +0200 Subject: [PATCH 2/2] Add new Scala PGP key --- security.md | 1 + 1 file changed, 1 insertion(+) diff --git a/security.md b/security.md index 21c8f8090..3f91401b8 100644 --- a/security.md +++ b/security.md @@ -22,6 +22,7 @@ used for signing the artifacts under the `org.scala-lang` namespace on [Maven Ce |:-------------------------------------------------:|:---------:|:-----------------------------------------------------------------------------------------------------------------------:| | 86DA 41A5 E169 9C9C EBE9 64A8 A905 2B1B 6D92 E560 | RSA-4096 | [Download Public Key](https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x86da41a5e1699c9cebe964a8a9052b1b6d92e560) | | ACF3 9CCD ED38 E2C6 F089 8BF2 8F7F 6C04 5196 7B84 | RSA-4096 | [Download Public Key](https://keyserver.ubuntu.com/pks/lookup?op=get&search=0xacf39ccded38e2c6f0898bf28f7f6c0451967b84) | +| 2A5E 8B33 8438 CAC7 033F 9D8F B8A0 45C0 A6EC 398E | RSA-4096 | [Download Public Key](https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x2a5e8b338438cac7033f9d8fb8a045c0a6ec398e) | ## Reporting Vulnerabilities
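Review bot: (PATCH 1/2, hunk at `@@ -12,11 +12,22 @@`) The new "Releases Integrity" section links each key to a keyserver lookup but never tells the reader what to check after downloading, and a keyserver does not vouch for the keys it serves. Add a short verification step under the table so the listed fingerprint is the thing being trusted, e.g. "After importing, run `gpg --fingerprint` and confirm the output matches the fingerprint in this table before using the key with `gpg --verify`." Two smaller points in the same hunk: the sentence ending "...namespace on [Maven Central](https://central.sonatype.com/namespace/org.scala-lang)" is missing its terminal period, and the heading reads more naturally as "Release Integrity". The `mailto:` change to the security address is fine.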
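Review bot: (PATCH 2/2, hunk at `@@ -22,6 +22,7 @@`) A third key row is added directly under a paragraph that calls the list **exhaustive**, but neither the table nor the commit message says what this key is for or how it relates to the two already listed, so a reader has no way to distinguish a legitimate rotation from an unauthorized edit to this page. Record the key's purpose and validity period in the row (or in the commit message), and, if the existing listed keys have signed the new one, say so, since that gives readers a check that does not depend on trusting the web page alone. Since both patches touch the same table in one PR, consider squashing this row into PATCH 1/2 so the history shows one coherent change.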