Wendy Smoak-3 wrote:
>
> On Wed, Jan 27, 2010 at 7:16 AM, Markku Saarela <[email protected]>
> wrote:
>
>> org.apache.xbean:xbean-finder-shaded:jar:3.6 artifact MD5 checksum does
>> not
>> match, so our Artifactory reject it's download.
>>
>> So where can i get original jar file?
>
> I wouldn't assume the jar is wrong without verifying the gpg
> signature... which I can't do because the public key is nowhere to be
> found.
>
> This needs to be addressed by the XBean project developers, not here.
> I forwarded your note to d...@geronimo (assuming it doesn't bounce; I'm
> not subscribed) to ask the developers about the problem.
>
The jar file signature verifies for me. It's signed by David Jencks from the
Geronimo project (XBean is a subproject). His key can be found in
http://www.apache.org/dist/geronimo/KEYS
There is a problem with the md5/sha checksum. IIUC, Maven 2.2 was used in
creating the xbean 3.6 release. Evidently 2.2 had an issue uploading files
to Nexus twice and calculating checksums on the doubled files (apologies if
I have the details wrong).
Any recommendations on how we can get these xbean 3.6 checksums fixed?
--kevan
--
View this message in context:
http://old.nabble.com/Maven-central-has-corrupted-artifact-org.apache.xbean%3Axbean-finder-shaded%3Ajar%3A3.6-tp27340027p27358784.html
Sent from the Maven - Users mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
