I'm not sure if fail is the right move, nor do I think warn is correct. That
is unless some other behavior is put in place. Namely, a checksum failure in
a repository should simply continue to the next repository.
Just because one repository has a corrupt artifact doesn't mean that it
should be used (as is the case with warn).
This is currently the case today with this artifact:
org.codehaus.mojo:selenium-maven-plugin:pom:1.0-beta-2
This pom includes a reference to OpenQA's repository:
http://maven.openqa.org/
Unforunately, they changed their website repository URL and instead of
automatically forwarding requests to the new repository location, they are
putting up an HTML page explaining the change. So, the request for an
artifact results in the return of this web page. Of course, the HTML doesn't
match a checksum, but Maven doesn't care. It warns, then uses this
non-existent artifact (d/l as HTML)!
The kicker is the artifact never existed in the openqa repository. It's in
the central maven repository. But because the openqa website answered with
an HTTP 200 code, maven will use the web page as the artifact!?
Even a checksumPolicy property wouldn't help in this case, since it is the
codehaus selenium plugin that defines the repository. Maven should just
simply check the next repository in the list when their is a bad checksum.
-- jim
Jerome Lacoste-2 wrote:
>
> But I have a question regarding the checksum policy.
>
> I've tracked down the original decision for the default checksum policy
> setting: http://jira.codehaus.org/browse/MNG-339 which states that the
> default was warn because of problems with bad checksums being a problem
> for
> bootstrapping [2]. This was in 2005. Are these problems still valid ?
> Could
> maven switch to a fail default policy ?
>
>
--
View this message in context:
http://www.nabble.com/default-checksumPolicy-is-warn.-Can-we-switch-to-fail---tp16368696s177p16991720.html
Sent from the Maven - Users mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
