[jira] [Commented] (SSHD-1026) Improve build reproductibility
[
https://issues.apache.org/jira/browse/SSHD-1026?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17169678#comment-17169678
]
Bernhard M. Wiedemann commented on SSHD-1026:
-
Found [https://github.com/apache/mina-sshd/pull/155] and tested it with old
plexus-archiver. Copyright years were still changing. Would it be better with
4.2.0 ?
> Improve build reproductibility
> --
>
> Key: SSHD-1026
> URL: https://issues.apache.org/jira/browse/SSHD-1026
> Project: MINA SSHD
> Issue Type: Bug
>Affects Versions: 2.4.0
>Reporter: Bernhard M. Wiedemann
>Assignee: Guillaume Nodet
>Priority: Major
> Fix For: 2.6.0
>
> Time Spent: 20m
> Remaining Estimate: 0h
>
> While working on the reproducible builds effort, I found that
> when building the [apache-sshd 2.4.0
> package|https://github.com/bmwiedemann/openSUSE/tree/master/packages/a/apache-sshd]
> for openSUSE Linux, there were differences between builds when the year
> changed:
>
> {{/usr/share/java/apache-sshd/sshd-common.jar META-INF/NOTICE}}
> {{@@ -1,6 +1,6 @@}}
> {{Apache MINA SSHD}}
> {{-Copyright 2018-2020 The Apache Software Foundation}}
> {{+Copyright 2018-2035 The Apache Software Foundation}}
>
> See [https://reproducible-builds.org/] for why this matters.
>
> I cannot find where that comes from - in the input I only see NOTICE.txt:
> {{Apache MINA SSHD}}
> {{Copyright 2008-2018 The Apache Software Foundation}}
>
> Nothing should claim copyright for future years. And you probably dont want
> give up copyright on versions from before 2018 either.
>
>
> In case it matters, our build currently involves these packages+versions:
> {{java-11-openjdk-11.0.7.0-3.74}}
> {{java-11-openjdk-devel-11.0.7.0-3.74}}
> {{java-11-openjdk-headless-11.0.7.0-3.74}}
> {{javamail-1.5.2-2.4}}
> {{javapackages-local-5.3.0-114.6}}
> {{javapackages-tools-5.3.0-114.1}}
> {{maven-archiver-3.5.0-1.2}}
> {{maven-artifact-2.2.1-1.5}}
> {{maven-artifact-manager-2.2.1-1.5}}
> {{maven-artifact-resolver-1.0-2.2}}
> {{maven-artifact-transfer-0.11.0-1.2}}
> {{maven-clean-plugin-3.1.0-3.5}}
> {{maven-common-artifact-filters-3.0.1-1.5}}
> {{maven-compiler-plugin-3.8.1-2.2}}
> {{maven-dependency-analyzer-1.10-1.5}}
> {{maven-dependency-plugin-3.1.1-2.4}}
> {{maven-dependency-tree-3.0-1.5}}
> {{maven-doxia-core-1.9.1-2.2}}
> {{maven-doxia-logging-api-1.9.1-2.2}}
> {{maven-doxia-module-apt-1.9.1-2.2}}
> {{maven-doxia-module-fml-1.9.1-2.2}}
> {{maven-doxia-module-fo-1.9.1-2.2}}
> {{maven-doxia-module-xdoc-1.9.1-2.2}}
> {{maven-doxia-module-xhtml-1.9.1-2.2}}
> {{maven-doxia-module-xhtml5-1.9.1-2.2}}
> {{maven-doxia-sink-api-1.9.1-2.2}}
> {{maven-doxia-sitetools-1.9.2-1.2}}
> {{maven-file-management-3.0.0-1.5}}
> {{maven-filtering-3.1.1-1.5}}
> {{maven-invoker-3.0.1-1.3}}
> {{maven-jar-plugin-3.2.0-1.4}}
> {{maven-javadoc-plugin-3.1.1-2.2}}
> {{maven-lib-3.6.2-17.1}}
> {{maven-local-5.3.0-2.2}}
> {{maven-model-2.2.1-1.5}}
> {{maven-monitor-2.2.1-1.5}}
> {{maven-plugin-annotations-3.6.0-1.3}}
> {{maven-plugin-build-helper-1.9.1-1.7}}
> {{maven-plugin-bundle-3.5.1-18.1}}
> {{maven-plugin-registry-2.2.1-1.5}}
> {{maven-profile-2.2.1-1.5}}
> {{maven-project-2.2.1-1.5}}
> {{maven-remote-resources-plugin-1.5-4.4}}
> {{maven-reporting-api-3.0-1.5}}
> {{maven-reporting-impl-3.0.0-2.2}}
> {{maven-resolver-api-1.4.1-1.2}}
> {{maven-resolver-connector-basic-1.4.1-1.2}}
> {{maven-resolver-impl-1.4.1-1.2}}
> {{maven-resolver-spi-1.4.1-1.2}}
> {{maven-resolver-transport-wagon-1.4.1-1.2}}
> {{maven-resolver-util-1.4.1-1.2}}
> {{maven-resources-plugin-3.1.0-2.4}}
> {{maven-settings-2.2.1-1.5}}
> {{maven-shared-incremental-1.1-1.5}}
> {{maven-shared-io-3.0.0-1.5}}
> {{maven-shared-utils-3.2.1-1.5}}
> {{maven-surefire-2.22.0-3.4}}
> {{maven-surefire-plugin-2.22.0-3.4}}
> {{maven-surefire-provider-junit-2.22.0-3.4}}
> {{maven-surefire-provider-testng-2.22.0-3.4}}
> {{maven-wagon-file-3.2.0-2.2}}
> {{maven-wagon-http-3.2.0-2.2}}
> {{maven-wagon-http-shared-3.2.0-2.2}}
> {{maven-wagon-provider-api-3.2.0-2.2}}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org
For additional commands, e-mail: dev-h...@mina.apache.org
[jira] [Commented] (SSHD-1026) NOTICE file claims Copyright for future years
[
https://issues.apache.org/jira/browse/SSHD-1026?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17150959#comment-17150959
]
Bernhard M. Wiedemann commented on SSHD-1026:
-
The diff above comes from comparing output of 2 builds - one in 2035 and one in
2020.
> NOTICE file claims Copyright for future years
> -
>
> Key: SSHD-1026
> URL: https://issues.apache.org/jira/browse/SSHD-1026
> Project: MINA SSHD
> Issue Type: Bug
>Affects Versions: 2.4.0
>Reporter: Bernhard M. Wiedemann
>Priority: Major
>
> While working on the reproducible builds effort, I found that
> when building the [apache-sshd 2.4.0
> package|https://github.com/bmwiedemann/openSUSE/tree/master/packages/a/apache-sshd]
> for openSUSE Linux, there were differences between builds when the year
> changed:
>
> {{/usr/share/java/apache-sshd/sshd-common.jar META-INF/NOTICE}}
> {{@@ -1,6 +1,6 @@}}
> {{Apache MINA SSHD}}
> {{-Copyright 2018-2020 The Apache Software Foundation}}
> {{+Copyright 2018-2035 The Apache Software Foundation}}
>
> See [https://reproducible-builds.org/] for why this matters.
>
> I cannot find where that comes from - in the input I only see NOTICE.txt:
> {{Apache MINA SSHD}}
> {{Copyright 2008-2018 The Apache Software Foundation}}
>
> Nothing should claim copyright for future years. And you probably dont want
> give up copyright on versions from before 2018 either.
>
>
> In case it matters, our build currently involves these packages+versions:
> {{java-11-openjdk-11.0.7.0-3.74}}
> {{java-11-openjdk-devel-11.0.7.0-3.74}}
> {{java-11-openjdk-headless-11.0.7.0-3.74}}
> {{javamail-1.5.2-2.4}}
> {{javapackages-local-5.3.0-114.6}}
> {{javapackages-tools-5.3.0-114.1}}
> {{maven-archiver-3.5.0-1.2}}
> {{maven-artifact-2.2.1-1.5}}
> {{maven-artifact-manager-2.2.1-1.5}}
> {{maven-artifact-resolver-1.0-2.2}}
> {{maven-artifact-transfer-0.11.0-1.2}}
> {{maven-clean-plugin-3.1.0-3.5}}
> {{maven-common-artifact-filters-3.0.1-1.5}}
> {{maven-compiler-plugin-3.8.1-2.2}}
> {{maven-dependency-analyzer-1.10-1.5}}
> {{maven-dependency-plugin-3.1.1-2.4}}
> {{maven-dependency-tree-3.0-1.5}}
> {{maven-doxia-core-1.9.1-2.2}}
> {{maven-doxia-logging-api-1.9.1-2.2}}
> {{maven-doxia-module-apt-1.9.1-2.2}}
> {{maven-doxia-module-fml-1.9.1-2.2}}
> {{maven-doxia-module-fo-1.9.1-2.2}}
> {{maven-doxia-module-xdoc-1.9.1-2.2}}
> {{maven-doxia-module-xhtml-1.9.1-2.2}}
> {{maven-doxia-module-xhtml5-1.9.1-2.2}}
> {{maven-doxia-sink-api-1.9.1-2.2}}
> {{maven-doxia-sitetools-1.9.2-1.2}}
> {{maven-file-management-3.0.0-1.5}}
> {{maven-filtering-3.1.1-1.5}}
> {{maven-invoker-3.0.1-1.3}}
> {{maven-jar-plugin-3.2.0-1.4}}
> {{maven-javadoc-plugin-3.1.1-2.2}}
> {{maven-lib-3.6.2-17.1}}
> {{maven-local-5.3.0-2.2}}
> {{maven-model-2.2.1-1.5}}
> {{maven-monitor-2.2.1-1.5}}
> {{maven-plugin-annotations-3.6.0-1.3}}
> {{maven-plugin-build-helper-1.9.1-1.7}}
> {{maven-plugin-bundle-3.5.1-18.1}}
> {{maven-plugin-registry-2.2.1-1.5}}
> {{maven-profile-2.2.1-1.5}}
> {{maven-project-2.2.1-1.5}}
> {{maven-remote-resources-plugin-1.5-4.4}}
> {{maven-reporting-api-3.0-1.5}}
> {{maven-reporting-impl-3.0.0-2.2}}
> {{maven-resolver-api-1.4.1-1.2}}
> {{maven-resolver-connector-basic-1.4.1-1.2}}
> {{maven-resolver-impl-1.4.1-1.2}}
> {{maven-resolver-spi-1.4.1-1.2}}
> {{maven-resolver-transport-wagon-1.4.1-1.2}}
> {{maven-resolver-util-1.4.1-1.2}}
> {{maven-resources-plugin-3.1.0-2.4}}
> {{maven-settings-2.2.1-1.5}}
> {{maven-shared-incremental-1.1-1.5}}
> {{maven-shared-io-3.0.0-1.5}}
> {{maven-shared-utils-3.2.1-1.5}}
> {{maven-surefire-2.22.0-3.4}}
> {{maven-surefire-plugin-2.22.0-3.4}}
> {{maven-surefire-provider-junit-2.22.0-3.4}}
> {{maven-surefire-provider-testng-2.22.0-3.4}}
> {{maven-wagon-file-3.2.0-2.2}}
> {{maven-wagon-http-3.2.0-2.2}}
> {{maven-wagon-http-shared-3.2.0-2.2}}
> {{maven-wagon-provider-api-3.2.0-2.2}}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org
For additional commands, e-mail: dev-h...@mina.apache.org
[jira] [Updated] (SSHD-1026) NOTICE file claims Copyright for future years
[
https://issues.apache.org/jira/browse/SSHD-1026?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Bernhard M. Wiedemann updated SSHD-1026:
Description:
While working on the reproducible builds effort, I found that
when building the [apache-sshd 2.4.0
package|https://github.com/bmwiedemann/openSUSE/tree/master/packages/a/apache-sshd]
for openSUSE Linux, there were differences between builds when the year
changed:
{{/usr/share/java/apache-sshd/sshd-common.jar META-INF/NOTICE}}
{{@@ -1,6 +1,6 @@}}
{{Apache MINA SSHD}}
{{-Copyright 2018-2020 The Apache Software Foundation}}
{{+Copyright 2018-2035 The Apache Software Foundation}}
See [https://reproducible-builds.org/] for why this matters.
I cannot find where that comes from - in the input I only see NOTICE.txt:
{{Apache MINA SSHD}}
{{Copyright 2008-2018 The Apache Software Foundation}}
Nothing should claim copyright for future years. And you probably dont want
give up copyright on versions from before 2018 either.
In case it matters, our build currently involves these packages+versions:
{{java-11-openjdk-11.0.7.0-3.74}}
{{java-11-openjdk-devel-11.0.7.0-3.74}}
{{java-11-openjdk-headless-11.0.7.0-3.74}}
{{javamail-1.5.2-2.4}}
{{javapackages-local-5.3.0-114.6}}
{{javapackages-tools-5.3.0-114.1}}
{{maven-archiver-3.5.0-1.2}}
{{maven-artifact-2.2.1-1.5}}
{{maven-artifact-manager-2.2.1-1.5}}
{{maven-artifact-resolver-1.0-2.2}}
{{maven-artifact-transfer-0.11.0-1.2}}
{{maven-clean-plugin-3.1.0-3.5}}
{{maven-common-artifact-filters-3.0.1-1.5}}
{{maven-compiler-plugin-3.8.1-2.2}}
{{maven-dependency-analyzer-1.10-1.5}}
{{maven-dependency-plugin-3.1.1-2.4}}
{{maven-dependency-tree-3.0-1.5}}
{{maven-doxia-core-1.9.1-2.2}}
{{maven-doxia-logging-api-1.9.1-2.2}}
{{maven-doxia-module-apt-1.9.1-2.2}}
{{maven-doxia-module-fml-1.9.1-2.2}}
{{maven-doxia-module-fo-1.9.1-2.2}}
{{maven-doxia-module-xdoc-1.9.1-2.2}}
{{maven-doxia-module-xhtml-1.9.1-2.2}}
{{maven-doxia-module-xhtml5-1.9.1-2.2}}
{{maven-doxia-sink-api-1.9.1-2.2}}
{{maven-doxia-sitetools-1.9.2-1.2}}
{{maven-file-management-3.0.0-1.5}}
{{maven-filtering-3.1.1-1.5}}
{{maven-invoker-3.0.1-1.3}}
{{maven-jar-plugin-3.2.0-1.4}}
{{maven-javadoc-plugin-3.1.1-2.2}}
{{maven-lib-3.6.2-17.1}}
{{maven-local-5.3.0-2.2}}
{{maven-model-2.2.1-1.5}}
{{maven-monitor-2.2.1-1.5}}
{{maven-plugin-annotations-3.6.0-1.3}}
{{maven-plugin-build-helper-1.9.1-1.7}}
{{maven-plugin-bundle-3.5.1-18.1}}
{{maven-plugin-registry-2.2.1-1.5}}
{{maven-profile-2.2.1-1.5}}
{{maven-project-2.2.1-1.5}}
{{maven-remote-resources-plugin-1.5-4.4}}
{{maven-reporting-api-3.0-1.5}}
{{maven-reporting-impl-3.0.0-2.2}}
{{maven-resolver-api-1.4.1-1.2}}
{{maven-resolver-connector-basic-1.4.1-1.2}}
{{maven-resolver-impl-1.4.1-1.2}}
{{maven-resolver-spi-1.4.1-1.2}}
{{maven-resolver-transport-wagon-1.4.1-1.2}}
{{maven-resolver-util-1.4.1-1.2}}
{{maven-resources-plugin-3.1.0-2.4}}
{{maven-settings-2.2.1-1.5}}
{{maven-shared-incremental-1.1-1.5}}
{{maven-shared-io-3.0.0-1.5}}
{{maven-shared-utils-3.2.1-1.5}}
{{maven-surefire-2.22.0-3.4}}
{{maven-surefire-plugin-2.22.0-3.4}}
{{maven-surefire-provider-junit-2.22.0-3.4}}
{{maven-surefire-provider-testng-2.22.0-3.4}}
{{maven-wagon-file-3.2.0-2.2}}
{{maven-wagon-http-3.2.0-2.2}}
{{maven-wagon-http-shared-3.2.0-2.2}}
{{maven-wagon-provider-api-3.2.0-2.2}}
was:
While working on the reproducible builds effort, I found that
when building the [apache-sshd 2.4.0
package|https://github.com/bmwiedemann/openSUSE/tree/master/packages/a/apache-sshd]
for openSUSE Linux, there were differences between builds when the year
changed:
{{/usr/share/java/apache-sshd/sshd-common.jar META-INF/NOTICE}}
\{{ @@ -1,6 +1,6 @@}}
{{Apache MINA SSHD}}
\{{ -Copyright 2018-2020 The Apache Software Foundation}}
\{{ +Copyright 2018-2035 The Apache Software Foundation}}
See [https://reproducible-builds.org/] for why this matters.
I cannot find where that comes from - in the input I only see NOTICE.txt:
{{Apache MINA SSHD}}
\{{ Copyright 2008-2018 The Apache Software Foundation}}
Nothing should claim copyright for future years. And you probably dont want
give up copyright on versions from before 2018 either.
In case it matters, our build currently involves these packages+versions:
{{java-11-openjdk-11.0.7.0-3.74}}
{{java-11-openjdk-devel-11.0.7.0-3.74}}
{{java-11-openjdk-headless-11.0.7.0-3.74}}
{{javamail-1.5.2-2.4}}
{{javapackages-local-5.3.0-114.6}}
{{javapackages-tools-5.3.0-114.1}}
{{maven-archiver-3.5.0-1.2}}
{{maven-artifact-2.2.1-1.5}}
{{maven-artifact-manager-2.2.1-1.5}}
{{maven-artifact-resolver-1.0-2.2}}
{{maven-artifact-transfer-0.11.0-1.2}}
{{maven-clean-plugin-3.1.0-3.5}}
{{maven-common-artifact-filters-3.0.1-1.5}}
{{maven-compiler-plugin-3.8.1-2.2}}
{{maven-dependency-analyzer-1.10-1.5}}
{{maven-dependency-plugin-3.1.1-2.4}}
[jira] [Created] (SSHD-1026) NOTICE file claims Copyright for future years
Bernhard M. Wiedemann created SSHD-1026:
---
Summary: NOTICE file claims Copyright for future years
Key: SSHD-1026
URL: https://issues.apache.org/jira/browse/SSHD-1026
Project: MINA SSHD
Issue Type: Bug
Affects Versions: 2.4.0
Reporter: Bernhard M. Wiedemann
While working on the reproducible builds effort, I found that
when building the [apache-sshd 2.4.0
package|https://github.com/bmwiedemann/openSUSE/tree/master/packages/a/apache-sshd]
for openSUSE Linux, there were differences between builds when the year
changed:
{{/usr/share/java/apache-sshd/sshd-common.jar META-INF/NOTICE}}
\{{ @@ -1,6 +1,6 @@}}
{{Apache MINA SSHD}}
\{{ -Copyright 2018-2020 The Apache Software Foundation}}
\{{ +Copyright 2018-2035 The Apache Software Foundation}}
See [https://reproducible-builds.org/] for why this matters.
I cannot find where that comes from - in the input I only see NOTICE.txt:
{{Apache MINA SSHD}}
\{{ Copyright 2008-2018 The Apache Software Foundation}}
Nothing should claim copyright for future years. And you probably dont want
give up copyright on versions from before 2018 either.
In case it matters, our build currently involves these packages+versions:
{{java-11-openjdk-11.0.7.0-3.74}}
{{java-11-openjdk-devel-11.0.7.0-3.74}}
{{java-11-openjdk-headless-11.0.7.0-3.74}}
{{javamail-1.5.2-2.4}}
{{javapackages-local-5.3.0-114.6}}
{{javapackages-tools-5.3.0-114.1}}
{{maven-archiver-3.5.0-1.2}}
{{maven-artifact-2.2.1-1.5}}
{{maven-artifact-manager-2.2.1-1.5}}
{{maven-artifact-resolver-1.0-2.2}}
{{maven-artifact-transfer-0.11.0-1.2}}
{{maven-clean-plugin-3.1.0-3.5}}
{{maven-common-artifact-filters-3.0.1-1.5}}
{{maven-compiler-plugin-3.8.1-2.2}}
{{maven-dependency-analyzer-1.10-1.5}}
{{maven-dependency-plugin-3.1.1-2.4}}
{{maven-dependency-tree-3.0-1.5}}
{{maven-doxia-core-1.9.1-2.2}}
{{maven-doxia-logging-api-1.9.1-2.2}}
{{maven-doxia-module-apt-1.9.1-2.2}}
{{maven-doxia-module-fml-1.9.1-2.2}}
{{maven-doxia-module-fo-1.9.1-2.2}}
{{maven-doxia-module-xdoc-1.9.1-2.2}}
{{maven-doxia-module-xhtml-1.9.1-2.2}}
{{maven-doxia-module-xhtml5-1.9.1-2.2}}
{{maven-doxia-sink-api-1.9.1-2.2}}
{{maven-doxia-sitetools-1.9.2-1.2}}
{{maven-file-management-3.0.0-1.5}}
{{maven-filtering-3.1.1-1.5}}
{{maven-invoker-3.0.1-1.3}}
{{maven-jar-plugin-3.2.0-1.4}}
{{maven-javadoc-plugin-3.1.1-2.2}}
{{maven-lib-3.6.2-17.1}}
{{maven-local-5.3.0-2.2}}
{{maven-model-2.2.1-1.5}}
{{maven-monitor-2.2.1-1.5}}
{{maven-plugin-annotations-3.6.0-1.3}}
{{maven-plugin-build-helper-1.9.1-1.7}}
{{maven-plugin-bundle-3.5.1-18.1}}
{{maven-plugin-registry-2.2.1-1.5}}
{{maven-profile-2.2.1-1.5}}
{{maven-project-2.2.1-1.5}}
{{maven-remote-resources-plugin-1.5-4.4}}
{{maven-reporting-api-3.0-1.5}}
{{maven-reporting-impl-3.0.0-2.2}}
{{maven-resolver-api-1.4.1-1.2}}
{{maven-resolver-connector-basic-1.4.1-1.2}}
{{maven-resolver-impl-1.4.1-1.2}}
{{maven-resolver-spi-1.4.1-1.2}}
{{maven-resolver-transport-wagon-1.4.1-1.2}}
{{maven-resolver-util-1.4.1-1.2}}
{{maven-resources-plugin-3.1.0-2.4}}
{{maven-settings-2.2.1-1.5}}
{{maven-shared-incremental-1.1-1.5}}
{{maven-shared-io-3.0.0-1.5}}
{{maven-shared-utils-3.2.1-1.5}}
{{maven-surefire-2.22.0-3.4}}
{{maven-surefire-plugin-2.22.0-3.4}}
{{maven-surefire-provider-junit-2.22.0-3.4}}
{{maven-surefire-provider-testng-2.22.0-3.4}}
{{maven-wagon-file-3.2.0-2.2}}
{{maven-wagon-http-3.2.0-2.2}}
{{maven-wagon-http-shared-3.2.0-2.2}}
{{maven-wagon-provider-api-3.2.0-2.2}}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org
For additional commands, e-mail: dev-h...@mina.apache.org
