www-repository mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From sebb <seb...@gmail.com>
Subject Re: [Nexus] Does Nexus check MD5 and SHA1 files?
Date Mon, 23 Aug 2010 15:05:51 GMT
On 23 August 2010 15:51, Juven Xu <juven@sonatype.com> wrote:
> the checksum rule is enabled

If the rule is enabled, how come the user (not me) was able to upload
faulty checksums?

> so make sure you are not using Maven 2.2.0, it
> will generate incorrect checksums when it deploys artifact to Nexus.
>
> On Mon, Aug 23, 2010 at 5:36 PM, Juven Xu <juven@sonatype.com> wrote:
>>
>> currently only gpg validation rule is enabled
>>
>> Brian, i think you can enable all the other rules, like checksum, javadoc,
>> sources, pom etc.
>>
>> On Mon, Aug 23, 2010 at 5:21 AM, sebb <sebbaz@gmail.com> wrote:
>>>
>>> There seem to be some problems with the hash files in the recent
>>> HttpComponents Nexus deployment:
>>>
>>>
>>> https://repository.apache.org/content/repositories/orgapachehttpcomponents-132/org/apache/httpcomponents/httpcore-osgi/4.1-beta2/
>>>
>>> It looks like all the hashes are wrong.
>>>
>>> AFAIK, Nexus checks the sig (.ASC) files, because I remember getting
>>> an error when I forgot to upload my new key.
>>>
>>> If Nexus does not check hashes (as seems to be the case), are there
>>> any plans to add this feature?
>>
>>
>>
>> --
>> - juven
>
>
>
> --
> - juven
>

Mime
View raw message