ramanathan1504 commented on issue #3804:
URL:
https://github.com/apache/logging-log4j2/issues/3804#issuecomment-3207740696
Hi @ppkarwasz ,
Thanks a lot for the detailed context and for linking the reproducibility
discussion.
Here’s my plan:
1. Reproduce consistently – I’ll first try multiple clean builds
of log4j-bom to capture the nondeterministic JSpecify ordering.
2. Maven version check – I’ll then re-run the builds using
different Maven versions to see if the issue is tied to a specific version or
persists across them.
3. Narrow down root cause – If the nondeterminism only appears
with certain versions, I’ll dig into the Maven internals
(DependencyCollectorBuilder, as you mentioned). If it happens everywhere, I’ll
look at how the CycloneDX plugin interacts with Maven dependency resolution.
I’ll report back here with reproducible steps and results once I’ve tested
across versions.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
