Hello, I want to write a plugin which does dump/verify the hashes of all dependencies and plugins used in the build. That way I can "lock" dependencies in the source not only by version, but also by checksum.
I have currently the following @Mojo(requiresDependencyCollection=TEST) project.getArtifacts() project.getPluginArtifacts() This looks about right, I get the dependencies of my project as well as some plugins. For the Artifacts of the plugins I dont see a file location, what would be the best way to get a file handle. Or is there an alternate method where I can get the SHA1 hash of the (used) files? Do you think this is a robust method to get hold of the most resolved dependencies? Gruss Bernd --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
