Details
-
Improvement
-
Status: Open
-
Critical
-
Resolution: Unresolved
-
1.3
-
None
-
None
Description
Currently, Archiva verifies a deployed artifact only by comparing the content-length HTTP header with the actual file-size of the uploaded file.
To better prevent corrupt artifacts, it would help to verify the integrity of the artifact by comparing its local hashcode (sha1 or md5) with the one that has just been generated in Archiva.
In case the hashes differ,
a) an HTTP 400 status should be returned
b) an error should be logged.