[jira] [Commented] (MARTIFACT-31) wrong comparison results when buildinfo has been published to Central

2022-04-02 Thread Hudson (Jira)


[ 
https://issues.apache.org/jira/browse/MARTIFACT-31?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17516401#comment-17516401
 ] 

Hudson commented on MARTIFACT-31:
-

Build succeeded in Jenkins: Maven » Maven TLP » maven-artifact-plugin » master 
#4

See 
https://ci-maven.apache.org/job/Maven/job/maven-box/job/maven-artifact-plugin/job/master/4/

> wrong comparison results when buildinfo has been published to Central
> -
>
> Key: MARTIFACT-31
> URL: https://issues.apache.org/jira/browse/MARTIFACT-31
> Project: Maven Artifact Plugin
>  Issue Type: Bug
>  Components: artifact:compare
>Affects Versions: 3.2.0
>Reporter: Herve Boutemy
>Assignee: Herve Boutemy
>Priority: Major
> Fix For: 3.3.0
>
>
> trying to rebuild OWASP Dependency Check 6.5.0 on Reproducible Central leads 
> to many false differences found



--
This message was sent by Atlassian Jira
(v8.20.1#820001)


[jira] [Commented] (MARTIFACT-31) wrong comparison results when buildinfo has been published to Central

2022-04-02 Thread Herve Boutemy (Jira)


[ 
https://issues.apache.org/jira/browse/MARTIFACT-31?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17516397#comment-17516397
 ] 

Herve Boutemy commented on MARTIFACT-31:


after deep dive, root cause is that Dependency Check has published a buildinfo 
generated with maven-artifact-plugin 3.1.0
while rebuilding on Reproducible Central uses maven-artifact-plugin 3.2.0: this 
releases checks poms that were not checked before, then buildinfo does not have 
contain same files identifiers...

we can't use downloaded reference buildinfo to automatically check against 
actual buildinfo...

> wrong comparison results when buildinfo has been published to Central
> -
>
> Key: MARTIFACT-31
> URL: https://issues.apache.org/jira/browse/MARTIFACT-31
> Project: Maven Artifact Plugin
>  Issue Type: Bug
>  Components: artifact:compare
>Affects Versions: 3.2.0
>Reporter: Herve Boutemy
>Assignee: Herve Boutemy
>Priority: Major
> Fix For: 3.3.0
>
>
> trying to rebuild OWASP Dependency Check 6.5.0 on Reproducible Central leads 
> to many false differences found



--
This message was sent by Atlassian Jira
(v8.20.1#820001)