I'll fix them on the apache repo. On Thu, Jan 28, 2010 at 2:55 PM, kevan <[email protected]> wrote: > > > > Wendy Smoak-3 wrote: >> >> On Wed, Jan 27, 2010 at 7:16 AM, Markku Saarela <[email protected]> >> wrote: >> >>> org.apache.xbean:xbean-finder-shaded:jar:3.6 artifact MD5 checksum does >>> not >>> match, so our Artifactory reject it's download. >>> >>> So where can i get original jar file? >> >> I wouldn't assume the jar is wrong without verifying the gpg >> signature... which I can't do because the public key is nowhere to be >> found. >> >> This needs to be addressed by the XBean project developers, not here. >> I forwarded your note to d...@geronimo (assuming it doesn't bounce; I'm >> not subscribed) to ask the developers about the problem. >> > > The jar file signature verifies for me. It's signed by David Jencks from the > Geronimo project (XBean is a subproject). His key can be found in > http://www.apache.org/dist/geronimo/KEYS > > There is a problem with the md5/sha checksum. IIUC, Maven 2.2 was used in > creating the xbean 3.6 release. Evidently 2.2 had an issue uploading files > to Nexus twice and calculating checksums on the doubled files (apologies if > I have the details wrong). > > Any recommendations on how we can get these xbean 3.6 checksums fixed? > > --kevan > > -- > View this message in context: > http://old.nabble.com/Maven-central-has-corrupted-artifact-org.apache.xbean%3Axbean-finder-shaded%3Ajar%3A3.6-tp27340027p27358784.html > Sent from the Maven - Users mailing list archive at Nabble.com. > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > >
--------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
