-1, sorry rebuilding the release, I found differences in the CycloneDX SBOM files: it seems you have personal binaries in your local repository for Maven core 3.9.9 instead of the reference binaries from Maven Central
notice that it does not impact the .jar output, but I'd really prefer to avoid pushing SBOMs containing "bad" hashes for dependencies Regards, Hervé Le mardi 10 septembre 2024, 22:12:17 CEST Tamás Cservenák a écrit : > Howdy, > > We solved 6 issues: > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12317521&ve > rsion=12354997 > > There are still a couple of issues left in JIRA: > https://issues.apache.org/jira/projects/MGPG/issues > > Staging repo: > https://repository.apache.org/content/repositories/maven-2203/ > > Source release checksum SHA512: > d03929bc679a755440605890c398bb146a0fd62ad52c81fc1204e5f908302fb0f98ad92cac18 > 1dda5767e97f31a0879459271ae67908ed789ff51cd76231a236 > > Staging site: > https://maven.apache.org/plugins-archives/maven-gpg-plugin-LATEST/ > > Guide to testing staged releases: > https://maven.apache.org/guides/development/guide-testing-releases.html > > Vote open for at least 72 hours. > > [ ] +1 > [ ] +0 > [ ] -1 > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org > For additional commands, e-mail: dev-h...@maven.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org
