From: Stefan B. <ste...@fr...> - 2021-12-09 18:52:12
On 2021-11-18, Stefan Bodewig via Xmlunit-general wrote:

> On 2021-11-17, Amarendra Godbole via Xmlunit-general wrote:
>
> > I wanted to highlight that the signature on xmlunit-1.3.jar is bad and
> > won't verify with the key. However, it verifies fine on the associated .pom
> > file.
>
> Thank you.
>
> I can confirm the signature is reported as bad. The non-crypto checksums
> seem to be fine, but that's no guarantee things haven't been tampered
> with.

[...]

> I'll ask Sonatype for advice.

The policy for Maven Central forbids replacing the jar - even if I could
create a new one - so the only advice is to tell people not to use
XMLUnit 1.3 and use a more recent version instead. Which is the best for
our users anyway as XMLUnit 1.x is not really supported anymore.

Stefan