Posted to issues@maven.apache.org by "Herve Boutemy (Jira)" <ji...@apache.org> on 2020/05/10 14:52:00 UTC
[jira] [Closed] (MWAR-432) Reproducible Builds: make entries in output jar files reproducible (order + timestamp)
[ https://issues.apache.org/jira/browse/MWAR-432?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Herve Boutemy closed MWAR-432.
------------------------------
Assignee: Herve Boutemy
Resolution: Fixed
done in https://github.com/apache/maven-war-plugin/commit/fb71c014343f1e8ae8e9875df7e6dc0edba2ed68
> Reproducible Builds: make entries in output jar files reproducible (order + timestamp)
> --------------------------------------------------------------------------------------
>
> Key: MWAR-432
> URL: https://issues.apache.org/jira/browse/MWAR-432
> Project: Maven WAR Plugin
> Issue Type: New Feature
> Affects Versions: 3.2.3
> Reporter: Herve Boutemy
> Assignee: Herve Boutemy
> Priority: Major
> Fix For: 3.3.0
>
>
> since a jar file is a zip file, entries order and timestamp are a natural source of non Reproducible Builds: [https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=74682318]
> but given how war containers use timestamp to serve content, maybe fixed timestamp for SNAPSHOTs is not appropriate: see https://github.com/gradle/gradle/issues/10917
> after discussion, given we don't force to a fixed timestamp but use a configured one, no issue...