On 26 Jun 07, at 2:23 PM 26 Jun 07, Jason van Zyl wrote:
On 26 Jun 07, at 1:27 PM 26 Jun 07, Carlos Sanchez wrote:
The checksums and signature don't match the pom
http://jira.codehaus.org/browse/MEV-530
It's not just that it's all of them.
By this I mean POMs. The 2.0.7 Maven parent POM has a bad signature.
I haven't tried anything else but looking at the code it looks like
it might be a renaming problem i.e. not being signed in the same form
and renamed together.
I checked the staging repository and the production repository and
the signature is bad in both places and all the files identical in
both places. So it's being generated incorrectly, or being
corrupted during the deployment. If I sign it from the command line
the signature is fine. The key I generate from the command line and
what's in the repo aren't even vaguely similar. I will take a look
at the GPG plugin. That's my first guess.
--
I could give you my word as a Spaniard.
No good. I've known too many Spaniards.
-- The Princess Bride
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Thanks,
Jason
----------------------------------------------------------
Jason van Zyl
Founder and PMC Chair, Apache Maven
jason at sonatype dot com
----------------------------------------------------------
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Thanks,
Jason
----------------------------------------------------------
Jason van Zyl
Founder and PMC Chair, Apache Maven
jason at sonatype dot com
----------------------------------------------------------
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
