> > This will only be relevant to you if you use > > org.apache.httpcomponents.httpclient > > and exactly version > > 4.3.6.v201411290715 > We seem to have it in our Oomph repos. I've checked this: > > estepper@build:~/oomph/drops/release/1.3.0/plugins> jarsigner - > verify -certs > org.apache.httpcomponents.httpclient_4.3.6.v201411290715.jar > jar verified. > > So, we're good, right? >
Yes, you're good. And, to clarify, that is the right version to have in your Mars.2 repos (if you use it at all). But since there is a "bad" one out there (in Orbit, at least) with the same version, I was suggesting to verify if it was in your project repositories to make sure you had the good one. If it is the good one, you get "jar verified" as above. If it is "the bad one" it will be pretty obvious: $ jarsigner -verify org.apache.httpcomponents.httpclient_4.3.6.v201411290715.jar jarsigner: java.lang.SecurityException: SHA1 digest error for org/apache/http/client/cache/HttpCacheEntry.class And, FYI, the code has not been "tampered with" in any "bad" way. It is just that since it is not signed correctly so p2 and others will not install it. Thanks,
_______________________________________________ cross-project-issues-dev mailing list cross-project-issues-dev@eclipse.org To change your delivery options, retrieve your password, or unsubscribe from this list, visit https://dev.eclipse.org/mailman/listinfo/cross-project-issues-dev