On 26/02/2010, at 2:02 AM, Marc Lustig wrote: > thanks for the swift response. > First I also thought it's an Archiva issue, but basically Maven is talking > to the Repo Manager, right? So Maven defines the contract, and Archiva can > only respond to the contract. > > We are still investigating the issue and try to reproduce different > scenarios. > > For now, the question for us is whether Maven has the concept of > artifact-verification by using hash-codes at all. > Any input on this matter?
Maven can't really do anything without either having a specific relationship with a repository manager (requesting it send back the checksum of an actual file, not the checksum it just sent), or redownloading the entire file. It is better for the repository manager to deal with uploads that don't match their checksum and give Maven back an HTTP error at the conclusion of the upload. Currently, Archiva is only checking the content length matches on upload to prevent partial upload corruption, and filing problem reports for mismatches with checksums from misbehaving clients as Wendy said. Please let us know if we can help diagnose the issue if it's not as simple as avoiding the scenarios in the two issues I listed. Thanks, Brett > > > > 2010/2/25 Brett Porter <[email protected]> > >> >> On 26/02/2010, at 1:30 AM, Wendy Smoak wrote: >> >>> On Thu, Feb 25, 2010 at 8:10 AM, Marc Lustig <[email protected]> wrote: >>>> we had a number of cases when the artifact in our central-repo >>>> (Archiva-based) was not consistent with the corresponding hash. >>> >>> You can configure the checksum policy to fail when Maven _downloads_ >>> an artifact if the checksum doesn't match. >>> >>> If you're having trouble with checksums when deploying to Archiva, it >>> would probably be best to ask on the Archiva users list. If artifacts >>> are getting added with the wrong checksum, that's probably a bug. >> >> Could it be one of these? >> http://jira.codehaus.org/browse/MNG-4301 >> http://jira.codehaus.org/browse/MNG-4235 >> >>> It >>> does have some 'repository health' reports that might help find the >>> problems after the fact. >> >> >> - Brett >> >> -- >> Brett Porter >> [email protected] >> http://brettporter.wordpress.com/ >> >> >> >> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: [email protected] >> For additional commands, e-mail: [email protected] >> >> -- Brett Porter [email protected] http://brettporter.wordpress.com/ --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
