On Mon, Oct 6, 2008 at 10:08 PM, Hiram Chirino <[EMAIL PROTECTED]> wrote:

> There are maven plugins that can validate the checksums of 3rd party
> dependencies.

Uhhh... Call me stupid, but how can a checksum solve anything other than
assuring that the download worked?? AFAIK, Maven does not pick up the
checksums from the "authoritative" server and validate them against the
mirrored one. Perhaps that has changed since "back then"... And even
then, how hard can it be to get the same 1024/2048/65536/... bit
checksum by modifying that many 'extra' or 'unused' bits?


Cheers
Niclas
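
An added example, not part of the original message: it contrasts a checksum read from the same repository that served the artifact with a digest recorded out of band. The repository layout, paths and artifact bytes are constructed, and the helper names are hypothetical rather than any Maven plugin's API.

```python
import hashlib
import hmac


def digest(data: bytes, algo: str) -> str:
    return hashlib.new(algo, data).hexdigest()


def publish(repo: dict, path: str, artifact: bytes) -> None:
    """Store an artifact and the .sha1 sidecar file served next to it."""
    repo[path] = artifact
    repo[path + ".sha1"] = digest(artifact, "sha1").encode()


def verify_with_sidecar(repo: dict, path: str) -> bool:
    """Compare the artifact with the checksum served by the same repository."""
    expected = repo[path + ".sha1"].decode().strip()
    return hmac.compare_digest(digest(repo[path], "sha1"), expected)


def verify_with_pin(repo: dict, path: str, pinned_sha256: str) -> bool:
    """Compare the artifact with a digest obtained out of band (assumption)."""
    return hmac.compare_digest(digest(repo[path], "sha256"), pinned_sha256)


# Constructed sample data: one artifact on the origin repository.
PATH = "org/example/lib/1.0/lib-1.0.jar"
ORIGINAL = b"PK\x03\x04 constructed jar bytes"
origin: dict = {}
publish(origin, PATH, ORIGINAL)
PINNED = digest(ORIGINAL, "sha256")  # recorded from the origin, kept locally

# Mirror A: the transfer was truncated, the sidecar is unchanged.
corrupted_mirror = dict(origin)
corrupted_mirror[PATH] = ORIGINAL[:-4]

# Mirror B: serves different bytes and a sidecar computed over those bytes.
replaced_mirror: dict = {}
publish(replaced_mirror, PATH, ORIGINAL + b" altered")


def run_checks() -> dict:
    """Return {mirror name: (sidecar check passed, pinned check passed)}."""
    mirrors = {"origin": origin, "corrupted": corrupted_mirror,
               "replaced": replaced_mirror}
    return {name: (verify_with_sidecar(repo, PATH),
                   verify_with_pin(repo, PATH, PINNED))
            for name, repo in mirrors.items()}


if __name__ == "__main__":
    for name, result in run_checks().items():
        print(name, result)
```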
