You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@maven.apache.org by "Herve Boutemy (Jira)" <ji...@apache.org> on 2022/04/02 21:24:00 UTC
[jira] [Commented] (MARTIFACT-31) wrong comparison results when buildinfo has been published to Central
[ https://issues.apache.org/jira/browse/MARTIFACT-31?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17516397#comment-17516397 ]
Herve Boutemy commented on MARTIFACT-31:
----------------------------------------
after deep dive, root cause is that Dependency Check has published a buildinfo generated with maven-artifact-plugin 3.1.0
while rebuilding on Reproducible Central uses maven-artifact-plugin 3.2.0: this releases checks poms that were not checked before, then buildinfo does not have contain same files identifiers...
we can't use downloaded reference buildinfo to automatically check against actual buildinfo...
> wrong comparison results when buildinfo has been published to Central
> ---------------------------------------------------------------------
>
> Key: MARTIFACT-31
> URL: https://issues.apache.org/jira/browse/MARTIFACT-31
> Project: Maven Artifact Plugin
> Issue Type: Bug
> Components: artifact:compare
> Affects Versions: 3.2.0
> Reporter: Herve Boutemy
> Assignee: Herve Boutemy
> Priority: Major
> Fix For: 3.3.0
>
>
> trying to rebuild OWASP Dependency Check 6.5.0 on Reproducible Central leads to many false differences found
--
This message was sent by Atlassian Jira
(v8.20.1#820001)