Posted to users@maven.apache.org by Wayne Fay <wa...@gmail.com> on 2008/05/01 00:07:52 UTC

Re: default checksumPolicy is warn. Can we switch to fail ?

This situation with OpenQA's repo etc is completely unacceptable, and
it should be embarrassing for them as well.

Does anyone know someone who works there who can help change things
for the better? I know we had similar troubles with a Maven mirror a
while back until they were removed from the list of "official"
mirrors.

Wayne

On 4/30/08, chago <na...@visualxs.com> wrote:
>
> I'm not sure if fail is the right move, nor do I think warn is correct. That
> is unless some other behavior is put in place. Namely, a checksum failure in
> a repository should simply continue to the next repository.
>
> Just because one repository has a corrupt artifact doesn't mean that it
> should be used (as is the case with warn).
>
> This is currently the case today with this artifact:
>    org.codehaus.mojo:selenium-maven-plugin:pom:1.0-beta-2
>
> This pom includes a reference to OpenQA's repository:
>    http://maven.openqa.org/
>
> Unfortunately, they changed their website repository URL and instead of
> automatically forwarding requests to the new repository location, they are
> putting up an HTML page explaining the change. So, the request for an
> artifact results in the return of this web page. Of course, the HTML doesn't
> match a checksum, but Maven doesn't care. It warns, then uses this
> non-existent artifact (d/l as HTML)!
>
> The kicker is the artifact never existed in the openqa repository. It's in
> the central maven repository. But because the openqa website answered with
> an HTTP 200 code, maven will use the web page as the artifact!?
>
> Even a checksumPolicy property wouldn't help in this case, since it is the
> codehaus selenium plugin that defines the repository. Maven should just
> simply check the next repository in the list when there is a bad checksum.
>
> -- jim
>
> Jerome Lacoste-2 wrote:
> >
> > But I have a question regarding the checksum policy.
> >
> > I've tracked down the original decision for the default checksum policy
> > setting: http://jira.codehaus.org/browse/MNG-339 which states that the
> > default was warn because of problems with bad checksums being a problem
> > for bootstrapping [2]. This was in 2005. Are these problems still valid?
> > Could maven switch to a fail default policy?
> >
> >
>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
For additional commands, e-mail: users-help@maven.apache.org
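
Added example (not part of the original thread, and not Maven's own code): a small Python simulation of the three behaviours discussed above when a repository answers HTTP 200 with an HTML page instead of the artifact. The repository names, the path "a.pom" and the file contents are constructed, and "next" is a hypothetical policy name for the fall-through behaviour proposed in the quoted message.

```python
import hashlib
import re

HTML = b"<html><body>Repository moved</body></html>"  # constructed notice page
POM = b"<project><artifactId>selenium-maven-plugin</artifactId></project>"  # constructed

def moved_site(path):
    """Simulated repo that answers every request, checksums included, with 200 + HTML."""
    return 200, HTML

def central(path):
    """Simulated repo that serves the artifact and a matching .sha1 sidecar."""
    files = {"a.pom": POM, "a.pom.sha1": hashlib.sha1(POM).hexdigest().encode()}
    return (200, files[path]) if path in files else (404, b"")

def checksum_ok(body, sidecar):
    """True only if the sidecar starts with a 40-hex SHA-1 equal to the body's digest."""
    m = re.match(rb"\s*([0-9a-fA-F]{40})\b", sidecar)
    return bool(m) and m.group(1).decode().lower() == hashlib.sha1(body).hexdigest()

def resolve(path, repos, policy):
    """policy: 'warn' (use anyway), 'fail' (abort), 'next' (try the next repository)."""
    warnings = []
    for name, fetch in repos:
        status, body = fetch(path)
        if status != 200:
            continue
        s_status, sidecar = fetch(path + ".sha1")
        # Simplification in this sketch: a missing sidecar counts as a mismatch.
        if s_status == 200 and checksum_ok(body, sidecar):
            return name, body, warnings
        warnings.append(f"checksum mismatch for {path} from {name}")
        if policy == "warn":
            return name, body, warnings  # the HTML page is accepted as the artifact
        if policy == "fail":
            raise ValueError(warnings[-1])
    raise LookupError(f"{path} not found in any repository")

# Repository order as in the scenario: the moved site is consulted before central.
REPOS = [("openqa", moved_site), ("central", central)]

if __name__ == "__main__":
    for policy in ("warn", "next"):
        name, body, warns = resolve("a.pom", REPOS, policy)
        print(policy, "->", name, body[:20], warns)
```

Note that the checksum request to the moved site also comes back as HTML, so the verifier has to reject a sidecar that is not a hex digest rather than only compare strings.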