Maven doesn't warn about corrupted jars

Question

I've just fixed another weird bug. After adding spring-core to pom.xml I had "object scala not found" while building a project with maven. After googling for quite a long time about this error I was happy enough to try to build the project with Eclipse. And voila! It reported that spring-core jar was corrupted.

So, my question is: Why maven didn't report it? It could not only test jar files if they valid archives or not, but also check hash sums. And I believe it should check hash sums. Do I miss something?

BTW, It wasn't the only case, unfortunately I cannot remember details of several others.

UPDATE: It looks like checksumPolicy tag addresses this. But for some reason it doesn't work.

UPDATE 2: Here is test case which reproduces error I described originally:

cd "<maven_local_repo>\org\springframework\spring-core\3.1.3.RELEASE"
cp spring-core-3.1.3.RELEASE.jar spring-core-3.1.3.RELEASE.jar.old
#corrupt file manually
dd skip=100 if=spring-core-3.1.3.RELEASE.jar.old of=spring-core-3.1.3.RELEASE.jar
cd "<my_project_dir>"
mvn clean package

Answer 1

Maven checks hash-sum.

When you run maven you can use command-line options.
Fail the build if checksums don't match:
-C,--strict-checksums
Warn if checksums don't match:
-c,--lax-checksums

Answer 2

Check out JBoss Tattletale.i believe it has what you are looking for:

1. Identify dependencies between JAR files
2. Find missing classes from the classpath
3. Spot if a class is located in multiple JAR files
4. Spot if the same JAR file is located in multiple locations With a list of what each JAR file requires and provides
5. Verify the SerialVersionUID of a class
6. Find similar JAR files that have different version numbers
7. Find JAR files without a version number
8. Locate a class in a JAR file
9. Get the OSGi status of your project
10. Remove black listed API usage

You can integrate it in maven build as explained here.