maven-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alexander Kjäll <alexander.kj...@gmail.com>
Subject Found that maven central serves a modified jar for spring-xml-2.0.5.RELEASE.jar
Date Fri, 24 Apr 2015 10:42:27 GMT
Hi

It seems that the jar file served here:

https://search.maven.org/#artifactdetails|org.springframework.ws|spring-xml|2.0.5.RELEASE|jar

differ from the jar file here:

http://repo.spring.io/release/org/springframework/ws/spring-xml/2.0.5.RELEASE/spring-xml-2.0.5.RELEASE.jar

This makes the pgp signature check fail and breaks our build.

Does there exist some sort of process to handle when a jar file have
been tampered with? In this case it's not anything malicious, just the
build time that differs (I presume that someone uploaded the wrong
jar).

best regards
Alexander Kjäll

Mime
View raw message