Posted to users@maven.apache.org by Toby Hobson <to...@btinternet.com> on 2006/09/25 13:22:43 UTC
Checksum validation
Just a quick question: how can I verify that the code Maven downloads from the repo is what I expect?
As an example, I have the following in my pom:
    <dependency>
        <groupId>org.springframework</groupId>
        <artifactId>spring</artifactId>
        <version>1.2.8</version>
    </dependency>
How can I be sure that the jar Maven downloads is the same as the jar on the Spring site (SourceForge)? Can I pass a checksum to Maven and ask it to validate that the jar is OK?
Thanks
Toby
Re: Checksum validation
Posted by Wayne Fay <wa...@gmail.com>.
If you don't trust the files being served by Central (ibiblio) and
other Maven repos, you will need to set up a local "Corporate" Repo
and fill it manually with jars you trust, and then instruct your
people to override Central with your own local repo and not allow them
to ever connect their Maven instance to the Internet.
While there is a checksum operation to validate the files downloaded
from Central are not corrupted during the transfer down to your
computer, there is no method I am aware of to trivially check that the
jar in Central is the same as the jar in Sourceforge, for example.
Wayne
On 9/25/06, Toby Hobson <to...@btinternet.com> wrote:
> Just a quick question: how can I verify that the code Maven downloads from the repo is what I expect?
>
> As an example, I have the following in my pom:
>     <dependency>
>         <groupId>org.springframework</groupId>
>         <artifactId>spring</artifactId>
>         <version>1.2.8</version>
>     </dependency>
> How can I be sure that the jar Maven downloads is the same as the jar on the Spring site (SourceForge)? Can I pass a checksum to Maven and ask it to validate that the jar is OK?
> Thanks
> Toby
>
>
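Added example, not part of the original thread or of Maven itself: a Python sketch of the distinction drawn in the reply above, checking a jar in the local repository both against the repository's own `.sha1` file (transfer integrity only) and against a digest obtained out of band from the upstream project. It assumes the standard local repository layout with the `.sha1` file stored next to the jar; the function names and the sample bytes are constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path


def artifact_path(repo: Path, group_id: str, artifact_id: str, version: str) -> Path:
    """Standard Maven 2 repository layout: dots in the groupId become directories."""
    return repo.joinpath(*group_id.split("."), artifact_id, version,
                         f"{artifact_id}-{version}.jar")


def file_digest(path: Path, algorithm: str) -> str:
    h = hashlib.new(algorithm)
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def verify(jar: Path, trusted_hex: str, algorithm: str = "sha256") -> dict:
    """Check the jar against the repo's .sha1 sidecar and a trusted digest."""
    result = {"transfer_ok": None, "matches_trusted": False}
    sidecar = jar.with_name(jar.name + ".sha1")
    if sidecar.exists():
        # Sidecars hold either the bare hash or "hash  filename".
        m = re.search(r"\b[0-9a-fA-F]{40}\b", sidecar.read_text())
        if m:
            result["transfer_ok"] = m.group(0).lower() == file_digest(jar, "sha1")
    result["matches_trusted"] = trusted_hex.strip().lower() == file_digest(jar, algorithm)
    return result


def demo() -> dict:
    """Constructed scenario: the repo serves a jar that differs from upstream."""
    upstream = b"constructed bytes standing in for the upstream release"
    served = b"constructed bytes standing in for what the repo served"
    trusted = hashlib.sha256(upstream).hexdigest()  # assumed obtained out of band
    with tempfile.TemporaryDirectory() as tmp:
        jar = artifact_path(Path(tmp), "org.springframework", "spring", "1.2.8")
        jar.parent.mkdir(parents=True)
        jar.write_bytes(served)
        # The repo's own sidecar is computed over whatever the repo holds.
        jar.with_name(jar.name + ".sha1").write_text(hashlib.sha1(served).hexdigest())
        return verify(jar, trusted)


if __name__ == "__main__":
    print(demo())
```

In the constructed scenario the sidecar check passes while the comparison with the trusted digest fails, because the sidecar comes from the same repository as the jar.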