> Furthermore, it would seem that automating this process would be the answer, > as > it probably wouldn't be difficult to crawl the repository and check checksums > and > either (a) add them where they are missing or (b) fix them where they are > there > and are incorrect.
I don't think you want to automate fixing them, only detecting the problems. Because if/when an honestly bad (or compromised/hacked) jar lands in Central, you want to know about it, and not just assume it is correct and use that MD5, right? Wayne --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
