Can it be replaced with current revision date as temporary fallback? Sergey Vladimirov
Пн, 25 марта 2024 г. в 11:35, PJ Fanning <[email protected]>: > Putting a date or time in the MANIFEST.MF is exactly the same > reproducibility busting issue as having it in the Version class. You will > have to get used to this - in 2024, everyone is scrambling to remove dates > and times from their jars. > > > > > > > On Thursday 21 March 2024 at 12:23:39 GMT+1, Thorsten Möller < > [email protected]> wrote: > > > > > > Hello > > Thanks for explaining it, I understand. > > Unfortunately, parsing the DOAP file is not an option either since it is > external. > > Another option that comes to my mind is to extend POI's JAR manifest files > by attributes `Build-Date`, `Build-Time`, which are commonly used for these > kind of meta data, e.g.: > > Build-Date: 2024-02-04 > Build-Time: 2024-02-04T22:21:33+0100 > > Would that be compatible with the definition of a reproducible build? I > mean, is the manifest of a JAR part of what may not change when the same > sources are compiled? I’m afraid that’s the case … > > Thanks > Thorsten > > > > Am 21.03.2024 um 10:26 schrieb PJ Fanning <[email protected]>: > > > > I sent this yesterday using my Apache email address but it seems not to > have made it to the list. > > > > Apologies if you were using this method. It was removed for reproducible > build purposes. > > > > The build is not reproducible if we stick today's date in a generated > source file and compile it into a class. > > > > So, I will be -1 on adding this back. > > > > Reproducible builds are becoming a major topic. Important for verifiable > releases. We may even become legally required to have them in future (EU > and US are at least considering this). > > > > One option would be to parse this XML file: > > > > https://github.com/apache/poi/blob/trunk/doap_POI.rdf > > > > > > > > > > > > > > On Wednesday 20 March 2024 at 15:04:36 GMT+1, Thorsten Möller < > [email protected]> wrote: > > > > > > > > > > > > Hello > > > > I wanted to upgrade POI from version 5.2.2 to 5.2.5 in one of our local > projects. I noticed that the method > > > > org.apache.poi.Version.getReleaseDate() > > > > has been removed starting from release 5.2.4. We use this method as part > of a diagnostics feature to get versioning and release date information of > libraries that we use. > > > > Assuming that POI adopts Semantic Versioning, this is annoying. For a > patch release (5.2.3 -> 5.2.4), I would not assume that a method of its > public API gets removed without further notice. The change has neither been > documented in the changelog (https://poi.apache.org/changes.html) nor > does the relevant SVN commit ( > https://svn.apache.org/viewvc/poi/trunk/poi/src/main/version/Version.java.template?revision=1910760&view=markup) > give a clue on reasons why it has been removed. > > > > Would it be possible to reintroduce this method, please? Note that the > build token `@DSTAMP@` used by the project's Gradle build script is also > still existing; which poses the question to me why the method has been > removed but the Gradle build has not been cleaned up correspondingly (yes, > I have checked that as well `@DSTAMP@` is nowhere else used). > > > > Thanks > > Thorsten > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [email protected] > > For additional commands, e-mail: [email protected] > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > >
