You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@plc4x.apache.org by "Julian Feinauer (Jira)" <ji...@apache.org> on 2020/03/01 13:54:01 UTC

[jira] [Closed] (PLC4X-148) Update the build to allow reproducible builds

     [ https://issues.apache.org/jira/browse/PLC4X-148?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Julian Feinauer closed PLC4X-148.
---------------------------------

> Update the build to allow reproducible builds
> ---------------------------------------------
>
>                 Key: PLC4X-148
>                 URL: https://issues.apache.org/jira/browse/PLC4X-148
>             Project: Apache PLC4X
>          Issue Type: New Feature
>    Affects Versions: 0.5.0
>            Reporter: Christofer Dutz
>            Assignee: Christofer Dutz
>            Priority: Major
>             Fix For: 0.6.0
>
>
> The maven team are currently releasing new versions of maven plugins which would allow to create reproducible builds. 
> This would have a huge benefit as when releasing binary artifacts both the PMC as well as users don't have the means to verify the binaries were actually build form exactly the sources they are voting on.
> With reproducible builds it would be possible to add one step of verification to the release verification where the locally built artifacts are checked for binary equality with the staged artifacts.
> Also users could possibly buld the source release and compare those results with the artifacts in their companies repos hereby adding another level of certainty.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)