There's an open issue for this, that maven should try to care about the content of at least the metadata and not just take garbage. It frequently happens to travelers when they hit a login page to a public wifi.
-----Original Message----- From: chago [mailto:[EMAIL PROTECTED] Sent: Wednesday, April 30, 2008 5:18 PM To: users@maven.apache.org Subject: Re: default checksumPolicy is warn. Can we switch to fail ? I'm not sure if fail is the right move, nor do I think warn is correct. That is unless some other behavior is put in place. Namely, a checksum failure in a repository should simply continue to the next repository. Just because one repository has a corrupt artifact doesn't mean that it should be used (as is the case with warn). This is currently the case today with this artifact: org.codehaus.mojo:selenium-maven-plugin:pom:1.0-beta-2 This pom includes a reference to OpenQA's repository: http://maven.openqa.org/ Unforunately, they changed their website repository URL and instead of automatically forwarding requests to the new repository location, they are putting up an HTML page explaining the change. So, the request for an artifact results in the return of this web page. Of course, the HTML doesn't match a checksum, but Maven doesn't care. It warns, then uses this non-existent artifact (d/l as HTML)! The kicker is the artifact never existed in the openqa repository. It's in the central maven repository. But because the openqa website answered with an HTTP 200 code, maven will use the web page as the artifact!? Even a checksumPolicy property wouldn't help in this case, since it is the codehaus selenium plugin that defines the repository. Maven should just simply check the next repository in the list when their is a bad checksum. -- jim Jerome Lacoste-2 wrote: > > But I have a question regarding the checksum policy. > > I've tracked down the original decision for the default checksum policy > setting: http://jira.codehaus.org/browse/MNG-339 which states that the > default was warn because of problems with bad checksums being a problem > for > bootstrapping [2]. This was in 2005. Are these problems still valid ? > Could > maven switch to a fail default policy ? > > -- View this message in context: http://www.nabble.com/default-checksumPolicy-is-warn.-Can-we-switch-to-f ail---tp16368696s177p16991720.html Sent from the Maven - Users mailing list archive at Nabble.com. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
