You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@uima.apache.org by "Richard Eckart de Castilho (Jira)" <de...@uima.apache.org> on 2022/05/13 17:40:00 UTC

[jira] [Resolved] (UIMA-6453) Invalid SHA512 generated for Maven artifacts

     [ https://issues.apache.org/jira/browse/UIMA-6453?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Richard Eckart de Castilho resolved UIMA-6453.
----------------------------------------------
    Resolution: Fixed

> Invalid SHA512 generated for Maven artifacts
> --------------------------------------------
>
>                 Key: UIMA-6453
>                 URL: https://issues.apache.org/jira/browse/UIMA-6453
>             Project: UIMA
>          Issue Type: Bug
>          Components: Build, Packaging and Test
>    Affects Versions: 3.2.0uimaFIT, 3.2.0SDK, 3.1.0ruta, 3.3.0SDK
>            Reporter: Richard Eckart de Castilho
>            Assignee: Richard Eckart de Castilho
>            Priority: Major
>             Fix For: 3.3.0uimaFIT, parent-pom-15, 3.3.1SDK, 3.1.0ruta
>
>
> The SHA512 signature files we generate for the Maven artifacts overwrite each other. E.g. in the recent uimaFIT 3.3.0 RC 2, I found:
> {noformat}
> % cat org/apache/uima/uimafit-maven-plugin/3.3.0/uimafit-maven-plugin-3.3.0.sha512
> 4db94daceccf1727b1620a20a708eb1830a95fa8ad967219ad7fff537bf845055174f659b43f3bb827cd1296d4608c10b3f36306a76da4dd27af50a45517bb2f  uimafit-maven-plugin-3.3.0-javadoc.jar
> {noformat}
> Looking at Maven Central, I can see such bad signatures in multiple releases:
> *UIMAJ*
> * https://repo1.maven.org/maven2/org/apache/uima/uimaj-core/3.1.1/ - looks ok
> * https://repo1.maven.org/maven2/org/apache/uima/uimaj-core/3.2.0/ - BAD
> * https://repo1.maven.org/maven2/org/apache/uima/uimaj-core/3.3.0/ - BAD (latest version)
>  
> *uimaFIT*
> * https://repo1.maven.org/maven2/org/apache/uima/uimafit-core/3.1.0/ - looks ok
> * https://repo1.maven.org/maven2/org/apache/uima/uimafit-core/3.2.0/ - BAD (latest version)
>  
> *RUTA*
> * https://repo1.maven.org/maven2/org/apache/uima/ruta-core/3.0.1/ - looks ok
> * https://repo1.maven.org/maven2/org/apache/uima/ruta-core/3.1.0/ - BAD (latest version)
> *UIMA-AS*
> * https://repo1.maven.org/maven2/org/apache/uima/uimaj-as-core/2.9.0/ - last release seems to have been before the SHA512 requirement
> *DUCC*
> * https://repo1.maven.org/maven2/org/apache/uima/uima-ducc-common/3.0.0/ - looks ok (latest version)



--
This message was sent by Atlassian Jira
(v8.20.7#820007)