You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@maven.apache.org by Chad La Joie <ch...@switch.ch> on 2008/04/23 12:29:41 UTC

MD5/SHA1 Hashes on artifacts

Maven produces MD5 and SHA1 hashes for artifacts published through the 
deploy plugin (at least I think that's where it's occurring).  Is there 
a means to limit for which files a has is generated?

Specifically I don't want hashes generated for my PGP signatures.

-- 
SWITCH
Serving Swiss Universities
--------------------------
Chad La Joie, Software Engineer, Security
Werdstrasse 2, P.O. Box, 8021 Zürich, Switzerland
phone +41 44 268 15 75, fax +41 44 268 15 68
chad.lajoie@switch.ch, http://www.switch.ch


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
For additional commands, e-mail: users-help@maven.apache.org

Re: MD5/SHA1 Hashes on artifacts

Posted by Chad La Joie <ch...@switch.ch>.

Because it doesn't provide any value.  If Maven supported the 
verification of a signature of the artifact I wouldn't want hashes at all.

Brian E. Fox wrote:
> Hashes are generated for everything shoved into the repository. Why wouldn't you want a hash on your sig?
> 
> -----Original Message-----
> From: Chad La Joie [mailto:chad.lajoie@switch.ch] 
> Sent: Wednesday, April 23, 2008 6:30 AM
> To: Maven Users List
> Subject: MD5/SHA1 Hashes on artifacts
> 
> Maven produces MD5 and SHA1 hashes for artifacts published through the 
> deploy plugin (at least I think that's where it's occurring).  Is there 
> a means to limit for which files a has is generated?
> 
> Specifically I don't want hashes generated for my PGP signatures.
> 

-- 
SWITCH
Serving Swiss Universities
--------------------------
Chad La Joie, Software Engineer, Security
Werdstrasse 2, P.O. Box, 8021 Zürich, Switzerland
phone +41 44 268 15 75, fax +41 44 268 15 68
chad.lajoie@switch.ch, http://www.switch.ch


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
For additional commands, e-mail: users-help@maven.apache.org

RE: MD5/SHA1 Hashes on artifacts

Posted by "Brian E. Fox" <br...@reply.infinity.nu>.

Hashes are generated for everything shoved into the repository. Why wouldn't you want a hash on your sig?

-----Original Message-----
From: Chad La Joie [mailto:chad.lajoie@switch.ch] 
Sent: Wednesday, April 23, 2008 6:30 AM
To: Maven Users List
Subject: MD5/SHA1 Hashes on artifacts

Maven produces MD5 and SHA1 hashes for artifacts published through the 
deploy plugin (at least I think that's where it's occurring).  Is there 
a means to limit for which files a has is generated?

Specifically I don't want hashes generated for my PGP signatures.

-- 
SWITCH
Serving Swiss Universities
--------------------------
Chad La Joie, Software Engineer, Security
Werdstrasse 2, P.O. Box, 8021 Zürich, Switzerland
phone +41 44 268 15 75, fax +41 44 268 15 68
chad.lajoie@switch.ch, http://www.switch.ch

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
For additional commands, e-mail: users-help@maven.apache.org

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
For additional commands, e-mail: users-help@maven.apache.org

Re: MD5/SHA1 Hashes on artifacts

Posted by Chad La Joie <ch...@switch.ch>.


Wendy Smoak wrote:
> On Wed, Apr 23, 2008 at 6:29 PM, Chad La Joie <ch...@switch.ch> wrote:
>> Maven produces MD5 and SHA1 hashes for artifacts published through the
>> deploy plugin (at least I think that's where it's occurring).  Is there a
>> means to limit for which files a has is generated?
>>
>>  Specifically I don't want hashes generated for my PGP signatures.
> 
> I find that annoying also (but it doesn't really hurt anything.)

True, but I'm a bit of a neat freak so things like that tend to irritate 
me.  :)

> There is an issue open for the deploy plugin:
> http://jira.codehaus.org/browse/MDEPLOY-73

Missed this one.

> I also see one in the install plugin that's already fixed, but I'm not
> sure if this *also* fixes it for deploy:
> http://jira.codehaus.org/browse/MINSTALL-48

Not sure, I don't ever have the install plugin configured to do checksums.

-- 
SWITCH
Serving Swiss Universities
--------------------------
Chad La Joie, Software Engineer, Security
Werdstrasse 2, P.O. Box, 8021 Zürich, Switzerland
phone +41 44 268 15 75, fax +41 44 268 15 68
chad.lajoie@switch.ch, http://www.switch.ch


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
For additional commands, e-mail: users-help@maven.apache.org

Re: MD5/SHA1 Hashes on artifacts

Posted by Wendy Smoak <ws...@gmail.com>.

On Wed, Apr 23, 2008 at 6:29 PM, Chad La Joie <ch...@switch.ch> wrote:
> Maven produces MD5 and SHA1 hashes for artifacts published through the
> deploy plugin (at least I think that's where it's occurring).  Is there a
> means to limit for which files a has is generated?
>
>  Specifically I don't want hashes generated for my PGP signatures.

I find that annoying also (but it doesn't really hurt anything.)

There is an issue open for the deploy plugin:
http://jira.codehaus.org/browse/MDEPLOY-73

I also see one in the install plugin that's already fixed, but I'm not
sure if this *also* fixes it for deploy:
http://jira.codehaus.org/browse/MINSTALL-48

-- 
Wendy

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
For additional commands, e-mail: users-help@maven.apache.org