pt., 21 cze 2024 o 16:39 Michael Osipov <micha...@apache.org> napisał(a):
> On 2024/06/21 13:18:26 STEFFAN Alexandra wrote: > > Hi, > > > > We've noticed that the Maven Common Artifact Filters has a dependency on > maven-resolver-util. This dependency has been downgraded from 1.6.3 to > 1.4.1 in Common Artifact Filters 3.4.0. > > > > This was done in commit > https://github.com/apache/maven-common-artifact-filters/pull/36/files#diff-9c5fb3d1b7e3b0f54bc5c4182965c4fe1f9023d449017cece3005d3f90e8e4d8L60-R60 > . > > > > It has come to our attention that version 1.4.1 uses a PGP Key without a > UID and we can't verify the maintainer of this version. > > > > a) Was the change intentional? > > Yes > > > b) Is the PGP key verifiable with the fingerprint > org.apache.maven.resolver:maven-resolver-api:1.4.1 = > 0x522CA055B326A636D833EF6A0551FD3684FCBBB7? > > > https://keyserver.ubuntu.com/pks/lookup?search=0x522CA055B326A636D833EF6A0551FD3684FCBBB7&fingerprint=on&op=index also can check key in: https://downloads.apache.org/maven/KEYS > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@maven.apache.org > For additional commands, e-mail: users-h...@maven.apache.org > > -- Sławomir Jaranowski
