https://bz.apache.org/bugzilla/show_bug.cgi?id=65102
--- Comment #3 from piotrw <piotr.wyder...@aptitudesoftware.com> ---

I took the source package from your official website:
https://downloads.apache.org/tomcat/tomcat-9/v9.0.41/src/apache-tomcat-9.0.41-src.tar.gz
together with the signature file:
https://downloads.apache.org/tomcat/tomcat-9/v9.0.41/src/apache-tomcat-9.0.41-src.tar.gz.sha512

I have independently verified earlier that the fix you suggested (1.2.4 bump + signature hash update) is sufficient to restore compilability.

However, to me the problem is not a minor issue, as it derails my automated build pipelines. Using my modified source package is technically possible, but it adds a lot of security-related paperwork. I need to formally explain why we are not using the official package issued by the vendor etc.

So if you could please issue a fixed source package, it would help me a lot.