Hi Gary,

On Sun, 1 Sept 2024 at 23:00, Piotr P. Karwasz <piotr.karw...@gmail.com> wrote:
> On Sun, 1 Sept 2024 at 22:44, Gary Gregory <garydgreg...@gmail.com> wrote:
> > [ERROR] sha512 mismatch log4j-bom-2.24.0-cyclonedx.xml: investigate
> > with diffoscope
> > target/reference/org.apache.logging.log4j/log4j-bom-2.24.0-cyclonedx.xml
> > target/bom.xml
>
> Could you investigate with `diff
> target/reference/org.apache.logging.log4j/log4j-bom-2.24.0-cyclonedx.xml
> target/bom.xml`?

Since you are the main Release Manager of Apache Commons, try clearing
the local Maven cache (e.g. `~/.m2/repository/org/apache/commons`). It
is possible you have some unofficial Commons releases in your cache,
which breaks the reproducibility of the SBOM.

Piotr

Reply via email to