On 2024/06/21 13:18:26 STEFFAN Alexandra wrote: > Hi, > > We've noticed that the Maven Common Artifact Filters has a dependency on > maven-resolver-util. This dependency has been downgraded from 1.6.3 to 1.4.1 > in Common Artifact Filters 3.4.0. > > This was done in commit > https://github.com/apache/maven-common-artifact-filters/pull/36/files#diff-9c5fb3d1b7e3b0f54bc5c4182965c4fe1f9023d449017cece3005d3f90e8e4d8L60-R60 > . > > It has come to our attention that version 1.4.1 uses a PGP Key without a UID > and we can't verify the maintainer of this version. > > a) Was the change intentional?
Yes > b) Is the PGP key verifiable with the fingerprint > org.apache.maven.resolver:maven-resolver-api:1.4.1 = > 0x522CA055B326A636D833EF6A0551FD3684FCBBB7? https://keyserver.ubuntu.com/pks/lookup?search=0x522CA055B326A636D833EF6A0551FD3684FCBBB7&fingerprint=on&op=index --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@maven.apache.org For additional commands, e-mail: users-h...@maven.apache.org