You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@maven.apache.org by Chad La Joie <ch...@switch.ch> on 2008/04/23 12:29:41 UTC
MD5/SHA1 Hashes on artifacts
Maven produces MD5 and SHA1 hashes for artifacts published through the
deploy plugin (at least I think that's where it's occurring). Is there
a means to limit for which files a has is generated?
Specifically I don't want hashes generated for my PGP signatures.
--
SWITCH
Serving Swiss Universities
--------------------------
Chad La Joie, Software Engineer, Security
Werdstrasse 2, P.O. Box, 8021 Zürich, Switzerland
phone +41 44 268 15 75, fax +41 44 268 15 68
chad.lajoie@switch.ch, http://www.switch.ch
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
For additional commands, e-mail: users-help@maven.apache.org
Re: MD5/SHA1 Hashes on artifacts
Posted by Chad La Joie <ch...@switch.ch>.
Because it doesn't provide any value. If Maven supported the
verification of a signature of the artifact I wouldn't want hashes at all.
Brian E. Fox wrote:
> Hashes are generated for everything shoved into the repository. Why wouldn't you want a hash on your sig?
>
> -----Original Message-----
> From: Chad La Joie [mailto:chad.lajoie@switch.ch]
> Sent: Wednesday, April 23, 2008 6:30 AM
> To: Maven Users List
> Subject: MD5/SHA1 Hashes on artifacts
>
> Maven produces MD5 and SHA1 hashes for artifacts published through the
> deploy plugin (at least I think that's where it's occurring). Is there
> a means to limit for which files a has is generated?
>
> Specifically I don't want hashes generated for my PGP signatures.
>
--
SWITCH
Serving Swiss Universities
--------------------------
Chad La Joie, Software Engineer, Security
Werdstrasse 2, P.O. Box, 8021 Zürich, Switzerland
phone +41 44 268 15 75, fax +41 44 268 15 68
chad.lajoie@switch.ch, http://www.switch.ch
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
For additional commands, e-mail: users-help@maven.apache.org
RE: MD5/SHA1 Hashes on artifacts
Posted by "Brian E. Fox" <br...@reply.infinity.nu>.
Hashes are generated for everything shoved into the repository. Why wouldn't you want a hash on your sig?
-----Original Message-----
From: Chad La Joie [mailto:chad.lajoie@switch.ch]
Sent: Wednesday, April 23, 2008 6:30 AM
To: Maven Users List
Subject: MD5/SHA1 Hashes on artifacts
Maven produces MD5 and SHA1 hashes for artifacts published through the
deploy plugin (at least I think that's where it's occurring). Is there
a means to limit for which files a has is generated?
Specifically I don't want hashes generated for my PGP signatures.
--
SWITCH
Serving Swiss Universities
--------------------------
Chad La Joie, Software Engineer, Security
Werdstrasse 2, P.O. Box, 8021 Zürich, Switzerland
phone +41 44 268 15 75, fax +41 44 268 15 68
chad.lajoie@switch.ch, http://www.switch.ch
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
For additional commands, e-mail: users-help@maven.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
For additional commands, e-mail: users-help@maven.apache.org
Re: MD5/SHA1 Hashes on artifacts
Posted by Chad La Joie <ch...@switch.ch>.
Wendy Smoak wrote:
> On Wed, Apr 23, 2008 at 6:29 PM, Chad La Joie <ch...@switch.ch> wrote:
>> Maven produces MD5 and SHA1 hashes for artifacts published through the
>> deploy plugin (at least I think that's where it's occurring). Is there a
>> means to limit for which files a has is generated?
>>
>> Specifically I don't want hashes generated for my PGP signatures.
>
> I find that annoying also (but it doesn't really hurt anything.)
True, but I'm a bit of a neat freak so things like that tend to irritate
me. :)
> There is an issue open for the deploy plugin:
> http://jira.codehaus.org/browse/MDEPLOY-73
Missed this one.
> I also see one in the install plugin that's already fixed, but I'm not
> sure if this *also* fixes it for deploy:
> http://jira.codehaus.org/browse/MINSTALL-48
Not sure, I don't ever have the install plugin configured to do checksums.
--
SWITCH
Serving Swiss Universities
--------------------------
Chad La Joie, Software Engineer, Security
Werdstrasse 2, P.O. Box, 8021 Zürich, Switzerland
phone +41 44 268 15 75, fax +41 44 268 15 68
chad.lajoie@switch.ch, http://www.switch.ch
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
For additional commands, e-mail: users-help@maven.apache.org
Re: MD5/SHA1 Hashes on artifacts
Posted by Wendy Smoak <ws...@gmail.com>.
On Wed, Apr 23, 2008 at 6:29 PM, Chad La Joie <ch...@switch.ch> wrote:
> Maven produces MD5 and SHA1 hashes for artifacts published through the
> deploy plugin (at least I think that's where it's occurring). Is there a
> means to limit for which files a has is generated?
>
> Specifically I don't want hashes generated for my PGP signatures.
I find that annoying also (but it doesn't really hurt anything.)
There is an issue open for the deploy plugin:
http://jira.codehaus.org/browse/MDEPLOY-73
I also see one in the install plugin that's already fixed, but I'm not
sure if this *also* fixes it for deploy:
http://jira.codehaus.org/browse/MINSTALL-48
--
Wendy
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
For additional commands, e-mail: users-help@maven.apache.org