As part of the upcoming process to start automatically syncing Maven artifacts between and Maven central ( we will be enforcing several artifact validation rules.  In the past we have had problems with some of the Nexus validation rules, but these issues should now be resolved.  The validation rules currently in effect are the following:


Artifact Uniqueness Validation - Each staged artifact in a release must be unique to prevent uploading duplicate files.

Checksum Validation - The uploaded checksum of each file is checked against the file.

POM Validation - Several fields of the POMs are validated.

Sources Validation - There must be a -sources.jar file for each uploaded binary jar.


More information about the staging rules are available in the Nexus Book.  Before staging any release, please check that your project configuration matches the Maven Project Configuration Requirements.


In addition, it will eventually be required that all artifacts uploaded to include a valid PGP signature.  I'll be adding information about how to do this to the wiki, and probably write a separate blog post.  For information about how to generate a PGP signature for your project files, see the Maven GPG plugin.