I'd prefer to use the original jars and patch them using 'our'
maven-plugin. We can also add a deletion for the signing stuff there.
This haqs from my POV the benefit that you don't need to remember what
you've done whenever you update to a never version of the jars (and
documentation (writing and reading) is a developers favourit task ;-)