Hi Aurélien,
Thanks for providing a trail.
Since the Maven Central published JAR has the same SHA256 checksum as the
one downloaded from the Xerces site, this is all good.
Regards,
Louis Jacomet
Senior Lead Software Engineer
Gradle
W. gradle.com
On Wed, Dec 6, 2023 at 9:48 AM Aurélien Pup
Hello,
This is my key.
I'm not a committer of Xerces J but I handled the push to Maven repository
as there was no committer with time available to do it or respond to my
requests.
See https://issues.apache.org/jira/browse/XERCESJ-1724 and
https://issues.sonatype.org/browse/OSSRH-60102?focusedId=97
Hello,
Sorry, I should have indicated where we obtained Xerces from.
Given this is for integration with the JVM ecosystem, we are using Maven
Central and obtained the files from there:
https://repo.maven.apache.org/maven2/xerces/xercesImpl/2.12.2/
I believe that artifacts deployed on Maven Centr
Hi Louis,
It seems to me that, for your needs you may download XercesJ 2.12.2
distributable from https://xerces.apache.org/mirrors.cgi [1].
The XercesJ release package downloaded from [1], should have a signature
conforming to one of the signing key available at
https://downloads.apache.org/xer
