checksums published in Maven are incorrect

[GoogleCodeExporter]

The checksums (md5 and sha1) being published in the yoolab maven repository
are incorrect. This seems to be the case for many, if not all, artifacts.
For example, a maven build using as3commons-reflect-1.3 as a dependency
fails when checksum validation is turned on.

If I download the as3commons-reflect-1.3.pom from the yooolab maven
repository and the same pom from the subversion version control repository,
they are identical when I do a diff on them. I also get the same MD5 and
SAH1 checksums for them. But those checksums do not match those published
in the as3commons-reflect-1.3.pom.sha1 and as3commons-reflect-1.3.pom.md5
files in the yoolab repo.

Maven 2.2.0 had a bug in it that it published (i.e. deployed) bad checksums
(see http://jira.codehaus.org/browse/MNG-4235) Is it possible as3-commons
is using v 2.2.0? 

Original issue reported on code.google.com by mved...@gmail.com on 23 Apr 2010 at 7:30

[GoogleCodeExporter]

I am unaware of the maven version it was used to deploy the artifacts on the
repository, neverthless by managing this issue I discovered that apparently 
version
2.2.1 (which I am currently using and that is at this time the latest stable) is
still affected by a similar bug: http://jira.codehaus.org/browse/MNG-4301.

Following the workarounds reported on the ticket I could redeploy without 
problems
all latest releases (including as3commons-reflect-1.3). I leave the ticket open 
so
that I will remember to review the issue for a possibly more stable solution.

Original comment by martino....@gmail.com on 20 May 2010 at 4:12

• Changed state: Accepted