[Building Sakai] Wrong or inexistant checksums for some dependencies
Steve Swinsburg
steve.swinsburg at gmail.com
Fri Feb 3 21:56:37 PST 2012
Is there a need for us to maintain third party libraries in our maven repo if they are in central? I'd suggest they be removed if possible.
Cheers
Steve
Sent from my iPhone
On 04/02/2012, at 4:34, Colin Hebert <colin.hebert at oucs.ox.ac.uk> wrote:
> Hello all,
>
> I tried to build sakai using the '---strict-checksums' option in maven
> and I had troubles with some dependencies having either a checksum
> different than the expected one (from the sha-1 file) or no sha-1 to
> verify against.
>
> Most of these dependencies are available on the maven repository at
> source.sakaiproject.org/maven2.
>
> Here is a list of the concerned dependencies (affecting my build):
>
> http://source.sakaiproject.org/maven2/batik/batik/1.5-fop-0.20-5/
> http://source.sakaiproject.org/maven2/fop/fop/20070301/
> http://source.sakaiproject.org/maven2/ical4j/ical4j/1.0-rc2/
> http://source.sakaiproject.org/maven2/javax/activation/activation/1.0.2/
> http://source.sakaiproject.org/maven2/javax/jms/jms/1.1/
> http://source.sakaiproject.org/maven2/javax/mail/mail/1.3.1/
> http://source.sakaiproject.org/maven2/javax/transaction/jta/1.0.1B/
> http://source.sakaiproject.org/maven2/jsf/jsf-api/1.1.01/
> http://source.sakaiproject.org/maven2/jsf/jsf-impl/1.1.01/
> http://source.sakaiproject.org/maven2/jta/jta/h2.1.8/
> http://source.sakaiproject.org/maven2/net/sf/jsmath/jsmath/3.3g/
> http://source.sakaiproject.org/maven2/net/sf/jsmath/jsmath-fonts/1.3/
> http://source.sakaiproject.org/maven2/OKI/OkiOSID/2.0/
> http://source.sakaiproject.org/maven2/org/apache/commons/xml-resolver/1.2/
> http://source.sakaiproject.org/maven2/org/azeckoski/reflectutils/0.9.15/
> http://source.sakaiproject.org/maven2/org/opensymphony/quartz/quartz/1.6.6/
> http://source.sakaiproject.org/maven2/portlet-api/portlet-api/1.0.1/
> http://source.sakaiproject.org/maven2/rome/itunes/0.3/
> http://source.sakaiproject.org/maven2/tomcat/catalina/tomcat-5.5.33/
> http://source.sakaiproject.org/maven2/tomcat/catalina-optional/tomcat-5.5.33/
> http://source.sakaiproject.org/maven2/tomcat/naming-resources/tomcat-5.5.33/
> http://source.sakaiproject.org/maven2/tomcat/jmx/tomcat-5.5.33/
> http://source.sakaiproject.org/maven2/zing/cql-java/0.7/
>
> There was also one from repo1 (net.sf.json-lib:json-lib:jar:jdk15:2.3).
>
> This could be be fixed to improve security; and for projects without
> sha-1 file, it will avoid corrupted downloads.
>
> Cheers,
> _______________________________________________
> sakai-dev mailing list
> sakai-dev at collab.sakaiproject.org
> http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
>
> TO UNSUBSCRIBE: send email to sakai-dev-unsubscribe at collab.sakaiproject.org with a subject of "unsubscribe"
More information about the sakai-dev
mailing list