Hello,

is there a way to get the fingerprints of all jboss-public-group artificates? I would like to do some validation checks regarding third party artifacts. I guess I could crawl and download all the .sha1 files, but I wonder if there is a less intrusive way?

In a related note, does jboss (or nexus) re-check upstream artifacts in the proxy+upload directories for changes? If you set up a new repository (for on-site cache or those dedicated ones for qa-builds), are you actually have a primary source for those artrifacts or will the new nexus instanes download the files from upstream again?