Hi, I think there's a problem somewhere in the artifact downloading process. And I also wonder why the default checksumPolicy is warn.
Because of a flaky internet line, my local repository got badly corrupted and basic things didn't work at all in very strange ways. The cause: jars were incompletely downloaded. This happened with maven 2.0.6. I will try with 2.0.8 or .9rc if I can.

Here's a way to identify invalid jars in your local repo:

    $ cat isbrokenjar.sh
    #!/bin/bash
    # Report jars whose contents cannot be listed (truncated or corrupt archive)
    jar tf "$1" > /dev/null 2>&1 || echo "INVALID $1"

    $ find ~/.m2/repository/ -name "*.jar" | xargs -l1 ./isbrokenjar.sh
    INVALID /home/jerome/.m2/repository/com/jcraft/jzlib/1.0.7/jzlib-1.0.7-javadoc.jar
    [...]

These download errors went unnoticed. The only thing maven detected was a checksum failure. I would argue that the problem should have been detected before the checksum verification. I am not yet sure where the problem lies, so I haven't yet opened an issue. Maybe httpclient underneath wagon http provider?

But I have a question regarding the checksum policy. I've tracked down the original decision for the default checksum policy setting:

http://jira.codehaus.org/browse/MNG-339

which states that the default was warn because of problems with bad checksums being a problem for bootstrapping [2]. This was in 2005. Are these problems still valid? Could maven switch to a fail default policy?

[1] http://maven.apache.org/ref/2.0.8/maven-settings/settings.html#class_releases
[2] http://svn.apache.org/viewvc/maven/components/trunk/maven-artifact/src/test/java/org/apache/maven/artifact/ArtifactComponentTestCase.java?rev=191536&content-type=text/vnd.viewcvs-markup
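Added example, not part of the original post: with checksumPolicy at warn, a jar that failed its checksum still lands in the local repository, so this script re-verifies each jar against the .sha1 file stored beside it. It assumes the checksum fetched at download time is kept as <artifact>.sha1 next to the artifact; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: re-check jars in a local Maven repository against their
# .sha1 sidecar files. Assumption: the downloaded checksum is stored as
# <artifact>.sha1 next to the artifact. Function names are hypothetical.

# Print the lowercase SHA-1 hex digest of a file.
sha1_of() {
    if command -v sha1sum >/dev/null 2>&1; then
        sha1sum "$1" | cut -d' ' -f1
    else
        shasum -a 1 "$1" | cut -d' ' -f1
    fi
}

# check_artifact FILE: return 0 on match, 1 on mismatch, 2 if no usable checksum.
check_artifact() {
    sidecar="$1.sha1"
    [ -f "$sidecar" ] || return 2
    # Sidecars hold a bare digest or "digest  filename"; take the first 40-hex run.
    expected=$(tr 'A-F' 'a-f' < "$sidecar" | grep -Eo '[0-9a-f]{40}' | head -n 1)
    [ -n "$expected" ] || return 2
    actual=$(sha1_of "$1")
    [ "$expected" = "$actual" ]
}

# scan_repo DIR: print one line per problem jar; return 1 if any digest mismatches.
scan_repo() {
    status=0
    list=$(mktemp)
    find "$1" -type f -name '*.jar' > "$list"
    while IFS= read -r jar; do
        rc=0
        check_artifact "$jar" || rc=$?
        case $rc in
            1) echo "MISMATCH $jar"; status=1 ;;
            2) echo "NOCHECKSUM $jar" ;;
        esac
    done < "$list"
    rm -f "$list"
    return $status
}

# Run as: ./verifyrepo.sh ~/.m2/repository
if [ "$#" -gt 0 ]; then scan_repo "$1"; fi
```

A MISMATCH line means the file on disk differs from what the remote repository advertised; deleting that artifact's directory makes maven download it again on the next build.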