The jar signer is pluggable, so that one can adapt the signing to their own needs. For example, one may want for example to use a server side jar signing solution ( provides an example of such signing implementation).
See src/test/projects/project5 as an example on how to use an external jar signer. (FIXME further describe here and move to an it test)