We have noticed that many of the jars (almost all) when fetched by maven are different from the ones packaged in the bin.zip which are different from the bin.tar.gz?
This was observed while trying to identify multiple jars recently e.g. log4j-core-2.14.0.jar 063d95404bb4665a872d44a17710dab85bbb5fcf4eb22e777a6a137b50053235 from random software package 966886853b3b31fe100050d6294e921167ed510a3af6ac97dedc5f49b809a6d0 from apache-log4j-2.14.0-bin.tar.gz f04ee9c0ac417471d9127b5880b96c3147249f20674a8dbb88e9949d855382a8 from Maven 68d793940c28ddff6670be703690dfdf9e77315970c42c4af40ca7261a8570fa from apache-log4j-2.14.0-bin.zip Thoughts? Jason Pyeron | Architect PD Inc | Certified SBA 8(a) 10 w 24th St | Certified SBA HUBZone Baltimore, MD | CAGE Code: 1WVR6 .mil: <mailto:jason.j.pyeron....@mail.mil> jason.j.pyeron....@mail.mil .com: <mailto:jpye...@pdinc.us> jpye...@pdinc.us tel : 202-741-9397
