www-repository mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Carlos Sanchez <car...@apache.org>
Subject Re: How to get rid of bad sig that has been replicated
Date Fri, 19 Jun 2009 00:06:29 GMT
the source has propagated to the users already. The signature is not
downloaded by maven so it's better to change the later.

Maybe you can compare the contents of the old jar and confidently sign it?

On Thu, Jun 18, 2009 at 4:58 PM, Phil Steitz<phil@steitz.com> wrote:
> Carlos Sanchez wrote:
>> what's the sig file that needs to be deleted?
>> delete it from people.apache and then I'll do the same from central
> Could we possibly nuke the "old" source jar instead?  That way we end up
> with a signed jar on central.  The jar in question is
> commons-pool-1.2-sources.jar and we would have to delete the .md5 and .sha1
> in central too if we go this route..
> If you don't like that idea, I will delete from people.
> Thanks, Carlos, and sorry for the screw-up.
> Phil
>> On Thu, Jun 18, 2009 at 4:30 PM, Phil Steitz<phil@steitz.com> wrote:
>>> Earlier this week I put signed source jars for commons pool 1.1-1.4 in
>>> the
>>> m2-ibiblio-rsynch repo.  I did not notice that a source jar already
>>> existed
>>> for version 1.2 in maven central.  That jar did not have a sig.  What
>>> appears to have happened is that the new source jar did not overwrite the
>>> old one in repo1, but the new sig file did get replicated.  The result is
>>> that the sig does not match the jar.   How can we fix this?
>>> Phil

View raw message