When we scan a distribution to do a signature check we “just” scan back from the end of the file to the first '-' and call that the version.
This dies horribly with versions with '-' in them (like logback-access-1.3.0-alpha-14
logback-access-1.3.0-alpha-14
We can make things better by carrying on going backwards until we find an artifact ID we know about (or there are not more '-' left.
When we scan a distribution to do a signature check we “just” scan back from the end of the file to the first '-' and call that the version.
This dies horribly with versions with '-' in them (like
logback-access-1.3.0-alpha-14We can make things better by carrying on going backwards until we find an artifact ID we know about (or there are not more '-' left.