Could not determine the dependencies of task ':src:dist:javadocAggregate'. > Could not resolve all dependencies for configuration ':src:protocol:http:compileClasspath'. > Checksum/PGP violations detected on resolving configuration :src:protocol:http:runtimeClasspath Trusted PGP keys for group dnsjava are [3e1ac64f4e34e290503c90323449ec3ac2efe8aa], however artifact is signed by [e06a36f67d8c1bd13f1f278d0ca7139cbc7026f9] only: dnsjava:dnsjava:3.6.2 (pgp=[e06a36f67d8c1bd13f1f278d0ca7139cbc7026f9], sha512=[computation skipped]) There might be more checksum violations, however, current configuration specifies the build to fail on the first violation. You might use the following properties: * -PchecksumIgnore temporary disables checksum-dependency-plugin (e.g. to try new dependencies) * -PchecksumUpdate updates checksum.xml and it will fail after the first violation so you can review the diff * -PchecksumUpdateAll (insecure) updates checksum.xml with all the new discovered checksums * -PchecksumFailOn=build_finish (insecure) It will postpone the failure till the build finish It will collect all the violations, however untrusted code might be executed (e.g. from a plugin) You can find updated checksum.xml file at /Users/runner/work/jmeter/jmeter/build/checksum/checksum.xml. You might add -PchecksumUpdate to update root checksum.xml file.