Versions Compared

Old Version 43

changes.mady.by.user Herve Boutemy

Saved on

compared with

New Version 44

changes.mady.by.user Herve Boutemy

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: list the 11 Maven plugins using maven-archiver

...

issue trackingdescription
MSHARED-661 (fixed in maven-archiver-3.4.0)

maven-archiver adds "Built-By: <username>" Manifest entry
this component is then used by many plugins that create archivesThe : the entry was removed

MSHARED-796 (fixed in maven-archiver-3.4.0)

maven-archiver adds "Built-Jdk: <detailed java version>" Manifest entry: better replaced with "Built-Jdk: <java specification version>"
MSHARED-494 (fixed in maven-archiver 3.1.0)Timestamp in pom.properties

MSHARED-505

support SOURCE_DATE_EPOCH environment variable or equivalent: see https://reproducible-builds.org/docs/timestamps/

sort zip entries to make zip entries order reproducible
MPLUGIN-261 (fixed in maven-plugin-plugin 3.3)generated plugin.xml is non-deterministic
MPLUGIN-326 (fixed in maven-plugin-plugin 3.5.1)Timestamp in plugin.xml and plugin-help.xml descriptors generated by maven-plugin-tools-generator
plexus-archiver issue #48avoid timestamp issues in archives created by plexus-archiver (widely used in Maven plugins creating jar, zip, war, tar... archives)
plexus-containers issue #8 (fixed in plexus-component-metadata 2.0.0)
sort components when generating META-INF/plexus/components.xml

issues fixed in maven-archiver will have to be picked by 11 plugins managed by Apache Maven team (acr, ear, ejb, jar, jlink, rar, source, war, site, javadoc, assembly) and perhaps other plugins managed outside Apache Maven team

Debian approach

Debian has a strong reproducible builds structure working on the topic for a few years: see BuildinfoFiles for environment info recording.

...