[
https://issues.apache.org/jira/browse/MRESOLVER-151?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17248198#comment-17248198
]
Robert Scholte commented on MRESOLVER-151:
------------------------------------------
{quote}bq. But Maven does too? Shouldn't we provide sane defaults? Removing
default policies would be to change APIs. I think a strict default is better
than a dev setting warn due to laziness.
{quote}
AFAIK Maven always selected the valid policy. For other tools using Artifact
Resolver we cannot tell.
The contract
https://github.com/apache/maven-resolver/blob/master/maven-resolver-spi/src/main/java/org/eclipse/aether/spi/connector/checksum/ChecksumPolicyProvider.java
says that policies may never be null.
However, the default implementation doesn't work like that: both null and
invalid values will silently use the default, whereas both are illegal
arguments to me.
> Switch the default checksum policy from "warn" to "fail"
> --------------------------------------------------------
>
> Key: MRESOLVER-151
> URL: https://issues.apache.org/jira/browse/MRESOLVER-151
> Project: Maven Resolver
> Issue Type: Task
> Components: Resolver
> Affects Versions: 1.6.1
> Reporter: Michael Osipov
> Assignee: Michael Osipov
> Priority: Major
> Fix For: 1.7.0
>
>
> This mirrors MNG-5728. The change has to happen in
> {{DefaultChecksumPolicyProvider}}.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
