Give up on signing jars
As discussed in Mexico City, we're going to give up on signing jars.
The reason is that it makes the release process more complex for no real gain. We already sign release tarballs containing those jars.
In fact, when the release process is easier, we're going to add multiple signatures by multiple team members to the release tarball.
I'm going to post a metrics-base and metrics-lib patch soon.