Hi, I am completely new to Maven, just running through some ServiceMix tutorials (completely new to that too).
Tracking down a 'mvn install' failure that said:

[INFO] ------------------------------------------------------------------------
[ERROR] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Compilation failure
error: error reading /home/rjt/.m2/repository/org/springframework/spring-dao/2.0.6/spring-dao-2.0.6.jar; error in opening zip file
error: error reading /home/rjt/.m2/repository/org/springframework/spring-support/2.0.6/spring-support-2.0.6.jar; error in opening zip file
error: error reading /home/rjt/.m2/repository/xerces/xerces/2.0.2/xerces-2.0.2.jar; error in opening zip file

I discover that the contents of these files are all spam web pages with the title: "Truck Performance Chips". I then searched my local repository for the same string and I get:

grep -r Truck\ Performance\ Chips *
commons-collections/commons-collections/2.1/commons-collections-2.1.pom:<title>Car & Truck Performance Chips</title>
commons-pool/commons-pool/1.2/commons-pool-1.2.pom:<title>Car & Truck Performance Chips</title>
commons-pool/commons-pool/1.3/commons-pool-1.3.pom:<title>Car & Truck Performance Chips</title>
org/springframework/spring-beans/2.0.6/spring-beans-2.0.6.pom:<title>Car & Truck Performance Chips</title>
org/springframework/spring-core/2.0.6/spring-core-2.0.6.pom:<title>Car & Truck Performance Chips</title>
org/springframework/spring-dao/2.0.6/spring-dao-2.0.6.pom:<title>Car & Truck Performance Chips</title>
org/springframework/spring-dao/2.0.6/spring-dao-2.0.6.jar:<title>Car & Truck Performance Chips</title>
org/springframework/spring-context/2.0.6/spring-context-2.0.6.pom:<title>Car & Truck Performance Chips</title>
org/springframework/spring-support/2.0.6/spring-support-2.0.6.jar:<title>Car & Truck Performance Chips</title>
org/springframework/spring-support/2.0.6/spring-support-2.0.6.pom:<title>Car & Truck Performance Chips</title>
xerces/xerces/2.0.2/xerces-2.0.2.jar:<title>Car & Truck Performance Chips</title>
xerces/xerces/2.0.2/xerces-2.0.2.pom:<title>Car & Truck Performance Chips</title>

This all looks very worrying. It suggests that one of the online repositories has been infiltrated. Is there any way to discover which repository these files came from? I am beginning to worry about the safety of using all this code pulled automatically from online repositories :-(

Regards
Richard
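The manual grep in the message above, generalized into a scan of a whole local repository for jars that are not zip archives and jars or POMs that are really HTML pages. This is an added example, not part of the original post. The `.sha1` sidecar comparison assumes the checksum files Maven stores next to downloaded artifacts, and the sample repository with its `org/example` names is constructed.

```python
import hashlib
import tempfile
import zipfile
from pathlib import Path

HTML_MARKERS = (b"<html", b"<!doctype html", b"<title>")  # heuristic, not exhaustive

def looks_like_html(path):
    return any(m in path.read_bytes()[:4096].lower() for m in HTML_MARKERS)

def sha1_mismatch(path):
    """True when a sidecar <file>.sha1 exists and disagrees with the file."""
    sidecar = path.with_name(path.name + ".sha1")
    if not sidecar.is_file():
        return False
    tokens = sidecar.read_text(errors="replace").split()
    return not tokens or tokens[0].lower() != hashlib.sha1(path.read_bytes()).hexdigest()

def scan_repository(root):
    """Map each suspect .jar/.pom (path relative to root) to why it was flagged."""
    findings = {}
    for path in sorted(Path(root).rglob("*")):
        if path.suffix not in (".jar", ".pom") or not path.is_file():
            continue
        is_zip = zipfile.is_zipfile(path)
        reasons = ["not a zip archive"] if path.suffix == ".jar" and not is_zip else []
        if not is_zip and looks_like_html(path):
            reasons.append("HTML content")
        if sha1_mismatch(path):
            reasons.append("sha1 mismatch")
        if reasons:
            findings[path.relative_to(root).as_posix()] = reasons
    return findings

def build_sample_repo(root):  # constructed sample data, not a real repository
    base = Path(root, "org/example/demo/1.0")
    base.mkdir(parents=True)
    spam = b"<html><head><title>Constructed spam page</title></head></html>"
    good = base / "good-1.0.jar"
    with zipfile.ZipFile(good, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
    Path(f"{good}.sha1").write_text(hashlib.sha1(good.read_bytes()).hexdigest())
    (base / "bad-1.0.jar").write_bytes(spam)
    (base / "bad-1.0.jar.sha1").write_text("0" * 40)  # constructed stale checksum
    (base / "bad-1.0.pom").write_bytes(spam)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_repo(tmp)
        print(scan_repository(tmp))
```

Pointing `scan_repository` at `~/.m2/repository` lists every artifact that should be deleted and re-downloaded; a flagged file only shows the download was bad, not which remote repository served it.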
