On 2021-11-17, Amarendra Godbole via Xmlunit-general wrote: > I wanted to highlight that the signature on xmlunit-1.3.jar is bad and > won't verify with the key. However, it verifies fine on the associated .pom > file.
Thank you. I can confirm the signature is reported as bad. The non-crypto checksums seem to be fine, but that's no guarantee things haven't been tampered with. Unfortuantely I haven't got any archive of the release I created more than twelve years ago so I cannot faithfully say whether the file is the one I created and something went wrong with the signature back then or the file really is bad. I'll ask Sonatype for advice. At least the signature for xmlunit-1.6.jar seems to be fine as well as some of the 2.x releases I've checked seem to be fine. Stefan _______________________________________________ Xmlunit-general mailing list Xmlunit-general@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/xmlunit-general
