While implementing a Maven environment for a customer where the signatures for used Apache artifacts are verified, I've stumbled upon the fact that the artifacts of wagon 1.0-beta-2 aren't signed. As all other versions (1.0 alphas and betas) have signatures, I'm confused. Does anyone know 1.0-beta-2 wasn't signed?
Unfortunately, very many plugins (most?) have a dependency to Maven 2.0.x which depends on this specific version of wagon. This causes an issue as it can't be verified. Could this be solved somehow so that we can have dependencies to signed artifacts? /Anders
