# random
m
Publishing to Maven Central for the first time is a nightmare experience 😱
👍 1
k
I just gave up.
👍 2
o
Did it via bintray, it was just 3/4 nightmare
m
Yeah, bintray is quite simple in comparison! They have a good gradle plugin and simple configuration.
@cedric looking forward to it 😵
It’s live! At least it’s quite straightforward after you’ve got it into Sonatype and all checks have passed…
kotlin-dsl isn’t made for Sonatype publishing yet.
c
I upload to bintray and then sync to maven central
Of course, you still need the signed artifacts and all
m
Yeah, signing was one thing which was annoying. As was using the old maven publishing plugin which isn’t kotlin-dsl-friendly at all. Didn’t know that you can sync from Bintray to Maven Central, nice!
I don’t get signing though. If everyone can sign with their own keys - how does that make things more secure?! I didn’t have to register my key with my Sonatype account or something like that.
s
@Marc Knaup That was a question we wrestled with in the Clojure community (with our own clojars.org repository). The original idea was that artifacts would have two states: regular and "promoted", and the latter would only be allowed if they were signed. The theory was that Clojurians would exchange public keys to create a "web of trust" so that we could use "promoted" artifacts and check that they'd been signed by "known parties". In reality, not enough people felt the additional hassle of signing-and-sharing was worthwhile and the repository dropped the idea of promoted artifacts. A lot of people publish artifacts there without signing them now, because the hassle isn't worth it (and most Clojure JAR files are source anyway because it's compile-on-demand). TL;DR: signing really doesn't make things more secure if there's no verified "web of trust".
m
Interesting! Maybe with the rise of blockchain you'll get another shot at it :) But yeah, I'm surprised that Maven Central requires it. Gives a false sense of safety I think.