Menu
▾
▴
Re: [Xmlunit-general] Bad signature on xmlunit 1.3 jar
|
From: Amarendra G. <ama...@br...> - 2021-12-09 23:30:12
|
On 12/09/21, Stefan Bodewig wrote: >On 2021-11-18, Stefan Bodewig via Xmlunit-general wrote: > >> On 2021-11-17, Amarendra Godbole via Xmlunit-general wrote: >> >> > I wanted to highlight that the signature on xmlunit-1.3.jar is bad and >> > won't verify with the key. However, it verifies fine on the associated .pom >> > file. >> >> Thank you. >> >> I can confirm the signature is reported as bad. The non-crypto checksums >> seem to be fine, but that's no guarantee things haven't been tampered >> with. > >[...] > >> I'll ask Sonatype for advice. > >The policy for Maven Central forbids replacing the jar - even if I could >create a new one - so the only advice is to tell people not to use >XMLUnit 1.3 and use a more recent version instead. Which is the best for >our users anyway as XMLUnit 1.x is not really supprted anymore. [...] Thanks and yes, we have upgraded to a more recent version already, though wanted to clarify the bad signature. Appreciate the follow-up. -ag -- This electronic communication and the information and any files transmitted with it, or attached to it, are confidential and are intended solely for the use of the individual or entity to whom it is addressed and may contain information that is confidential, legally privileged, protected by privacy laws, or otherwise restricted from disclosure to anyone else. If you are not the intended recipient or the person responsible for delivering the e-mail to the intended recipient, you are hereby notified that any use, copying, distributing, dissemination, forwarding, printing, or copying of this e-mail is strictly prohibited. If you received this e-mail in error, please return the e-mail to the sender, delete it from your computer, and destroy any printed copy of it. |
