Artifactory 2.2.2 (the upcoming minor release) already has configurable checksum verification for _uploaded_ artifacts too.
FYI. On Thu, Feb 25, 2010 at 5:02 PM, Marc Lustig <[email protected]> wrote: > thanks for the swift response. > First I also thought it's an Archiva issue, but basically Maven is talking > to the Repo Manager, right? So Maven defines the contract, and Archiva can > only respond to the contract. > > We are still investigating the issue and try to reproduce different > scenarios. > > For now, the question for us is whether Maven has the concept of > artifact-verification by using hash-codes at all. > Any input on this matter? > > > > 2010/2/25 Brett Porter <[email protected]> > > > > > On 26/02/2010, at 1:30 AM, Wendy Smoak wrote: > > > > > On Thu, Feb 25, 2010 at 8:10 AM, Marc Lustig <[email protected]> > wrote: > > >> we had a number of cases when the artifact in our central-repo > > >> (Archiva-based) was not consistent with the corresponding hash. > > > > > > You can configure the checksum policy to fail when Maven _downloads_ > > > an artifact if the checksum doesn't match. > > > > > > If you're having trouble with checksums when deploying to Archiva, it > > > would probably be best to ask on the Archiva users list. If artifacts > > > are getting added with the wrong checksum, that's probably a bug. > > > > Could it be one of these? > > http://jira.codehaus.org/browse/MNG-4301 > > http://jira.codehaus.org/browse/MNG-4235 > > > > > It > > > does have some 'repository health' reports that might help find the > > > problems after the fact. > > > > > > - Brett > > > > -- > > Brett Porter > > [email protected] > > http://brettporter.wordpress.com/ > > > > > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [email protected] > > For additional commands, e-mail: [email protected] > > > > >
