The current set of jar's uploaded to maven central doesn't have corresponding .asc signature files.

This makes it hard to automatically verify that noone managed to inject malicious code when we download the files.