maven-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alexander Kjäll <>
Subject Found that maven central serves a modified jar for spring-xml-2.0.5.RELEASE.jar
Date Fri, 24 Apr 2015 10:42:27 GMT

It seems that the jar file served here:||spring-xml|2.0.5.RELEASE|jar

differ from the jar file here:

This makes the pgp signature check fail and breaks our build.

Does there exist some sort of process to handle when a jar file have
been tampered with? In this case it's not anything malicious, just the
build time that differs (I presume that someone uploaded the wrong

best regards
Alexander Kjäll

View raw message