You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@maven.apache.org by "Anders Hammar (JIRA)" <ji...@codehaus.org> on 2010/06/01 16:02:12 UTC

[jira] Created: (MEV-662) Invalid Geronimo signatures in central

Invalid Geronimo signatures in central
--------------------------------------

                 Key: MEV-662
                 URL: http://jira.codehaus.org/browse/MEV-662
             Project: Maven Evangelism
          Issue Type: Bug
            Reporter: Anders Hammar


I've found a few more invalid signatures in central:

org.apache.geronimo.genesis:genesis:pom:1.2 - This one has been reported in GERONIMO-5309 as well.

org.apache.geronimo.specs:geronimo-j2ee-management_1.0_spec:pom:1.1

org.apache.geronimo.specs:geronimo-ejb_2.1_spec:pom:1.1

org.apache.geronimo.specs:geronimo-j2ee-deployment_1.1_spec:pom:1.1

org.apache.geronimo.specs:geronimo-ejb_3.0_spec:pom:1.0

I found these when trying to download dependencies through Nexus Pro signature procurement. I would suspect that there are more invalid signatures within the org.apache.geronimo space.

Not sure what should be done - should these signatures be removed? As it's the poms, it should be possible for the Geronimo project to check against svn and re-sign, but the comments in GERONIMO-5309 makes me suspect they don't want to do that.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] Commented: (MEV-662) Invalid Geronimo signatures in central

Posted by "Anders Hammar (JIRA)" <ji...@codehaus.org>.

    [ http://jira.codehaus.org/browse/MEV-662?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=223719#action_223719 ] 

Anders Hammar commented on MEV-662:
-----------------------------------

More invalid signatures (the genesis-1.1 release):

org.apache.geronimo.genesis:genesis:pom:1.1
org.apache.geronimo.genesis.config:*:pom:1.1
org.apache.geronimo.genesis.plugins:*:pom:1.1


> Invalid Geronimo signatures in central
> --------------------------------------
>
>                 Key: MEV-662
>                 URL: http://jira.codehaus.org/browse/MEV-662
>             Project: Maven Evangelism
>          Issue Type: Bug
>            Reporter: Anders Hammar
>
> I've found a few more invalid signatures in central:
> org.apache.geronimo.genesis:genesis:pom:1.2 - This one has been reported in GERONIMO-5309 as well.
> org.apache.geronimo.specs:geronimo-j2ee-management_1.0_spec:pom:1.1
> org.apache.geronimo.specs:geronimo-ejb_2.1_spec:pom:1.1
> org.apache.geronimo.specs:geronimo-j2ee-deployment_1.1_spec:pom:1.1
> org.apache.geronimo.specs:geronimo-ejb_3.0_spec:pom:1.0
> I found these when trying to download dependencies through Nexus Pro signature procurement. I would suspect that there are more invalid signatures within the org.apache.geronimo space.
> Not sure what should be done - should these signatures be removed? As it's the poms, it should be possible for the Geronimo project to check against svn and re-sign, but the comments in GERONIMO-5309 makes me suspect they don't want to do that.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] Commented: (MEV-662) Invalid Geronimo signatures in central

Posted by "Anders Hammar (JIRA)" <ji...@codehaus.org>.

    [ http://jira.codehaus.org/browse/MEV-662?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=223700#action_223700 ] 

Anders Hammar commented on MEV-662:
-----------------------------------

Found one more invalid signature:

org.apache.geronimo.specs:specs:pom:1.2


> Invalid Geronimo signatures in central
> --------------------------------------
>
>                 Key: MEV-662
>                 URL: http://jira.codehaus.org/browse/MEV-662
>             Project: Maven Evangelism
>          Issue Type: Bug
>            Reporter: Anders Hammar
>
> I've found a few more invalid signatures in central:
> org.apache.geronimo.genesis:genesis:pom:1.2 - This one has been reported in GERONIMO-5309 as well.
> org.apache.geronimo.specs:geronimo-j2ee-management_1.0_spec:pom:1.1
> org.apache.geronimo.specs:geronimo-ejb_2.1_spec:pom:1.1
> org.apache.geronimo.specs:geronimo-j2ee-deployment_1.1_spec:pom:1.1
> org.apache.geronimo.specs:geronimo-ejb_3.0_spec:pom:1.0
> I found these when trying to download dependencies through Nexus Pro signature procurement. I would suspect that there are more invalid signatures within the org.apache.geronimo space.
> Not sure what should be done - should these signatures be removed? As it's the poms, it should be possible for the Geronimo project to check against svn and re-sign, but the comments in GERONIMO-5309 makes me suspect they don't want to do that.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] Closed: (MEV-662) Invalid Geronimo signatures in central

Posted by "Juven Xu (JIRA)" <ji...@codehaus.org>.

     [ http://jira.codehaus.org/browse/MEV-662?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Juven Xu closed MEV-662.
------------------------

    Resolution: Won't Fix
      Assignee: Juven Xu

moved to https://issues.sonatype.org/browse/MVNCENTRAL-5
MEV will be shut down in a near future

> Invalid Geronimo signatures in central
> --------------------------------------
>
>                 Key: MEV-662
>                 URL: http://jira.codehaus.org/browse/MEV-662
>             Project: Maven Evangelism
>          Issue Type: Bug
>            Reporter: Anders Hammar
>            Assignee: Juven Xu
>
> I've found a few more invalid signatures in central:
> org.apache.geronimo.genesis:genesis:pom:1.2 - This one has been reported in GERONIMO-5309 as well.
> org.apache.geronimo.specs:geronimo-j2ee-management_1.0_spec:pom:1.1
> org.apache.geronimo.specs:geronimo-ejb_2.1_spec:pom:1.1
> org.apache.geronimo.specs:geronimo-j2ee-deployment_1.1_spec:pom:1.1
> org.apache.geronimo.specs:geronimo-ejb_3.0_spec:pom:1.0
> I found these when trying to download dependencies through Nexus Pro signature procurement. I would suspect that there are more invalid signatures within the org.apache.geronimo space.
> Not sure what should be done - should these signatures be removed? As it's the poms, it should be possible for the Geronimo project to check against svn and re-sign, but the comments in GERONIMO-5309 makes me suspect they don't want to do that.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira