[
https://issues.apache.org/jira/browse/MNG-6276?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16196289#comment-16196289
]
Zlika commented on MNG-6276:
----------------------------
I agree that naming is very important. I think "Verifiable" is a good name.
However, "reproducibility" is clearly used by everyone, even people from other
JIRA tickets I linked here. Maven is all about "convention over configuration",
so I think we should use the de facto "convention".
Apart from ZIP timestamps, there is another important source of
non-reproducibility few people think about: the order of the files in the ZIP,
which depends on the file system of the computer.
I didn't do an exhaustive test, but compiling one of my projects with different
versions of OpenJDK 8 led to the same class files. I would not be surprised
however that an Eclipse or IBM compiler give slightly different results.
> Support reproducible builds
> ---------------------------
>
> Key: MNG-6276
> URL: https://issues.apache.org/jira/browse/MNG-6276
> Project: Maven
> Issue Type: New Feature
> Components: core, General
> Reporter: Paolo Sacconier
>
> A venerable build system like maven should support full build reproducibilty
> (i.e. producing bit a bit identical binaries from the same source).
> As initiatives like https://reproducible-builds.org gain traction and the
> news of the recent Debian policy change to mandate this build behavior (see
> https://reproducible.alioth.debian.org/blog/posts/121/), this seems a feature
> that needs to be considered for inclusion into maven core & core plugins.
> There is an independent ongoing effort to support this feature and the author
> stated that he has found interest from maven project to integrate his work:
> https://github.com/Zlika/reproducible-build-maven-plugin/issues/6#issuecomment-325005883
> I hope this issue helps kickstart the effort.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
