Signing .jars is worthless
There are no security benefits. It's waste of time.
Module Mirror and Checksum Database Launched
blog.golang.orgThe Go module mirror and checksum database provide faster, verified downloads of your Go dependencies.