https://github.com/s4u/pgpverify-maven-plugin

If you want paranoid mode, you can verify literally every part of the maven build process.