Menu
▾
▴
Re: [Xmlunit-general] Bad signature on xmlunit 1.3 jar
|
From: Stefan B. <ste...@fr...> - 2021-11-18 17:40:58
|
On 2021-11-17, Amarendra Godbole via Xmlunit-general wrote: > I wanted to highlight that the signature on xmlunit-1.3.jar is bad and > won't verify with the key. However, it verifies fine on the associated .pom > file. Thank you. I can confirm the signature is reported as bad. The non-crypto checksums seem to be fine, but that's no guarantee things haven't been tampered with. Unfortuantely I haven't got any archive of the release I created more than twelve years ago so I cannot faithfully say whether the file is the one I created and something went wrong with the signature back then or the file really is bad. I'll ask Sonatype for advice. At least the signature for xmlunit-1.6.jar seems to be fine as well as some of the 2.x releases I've checked seem to be fine. Stefan |
