maven-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Hervé Boutemy (JIRA) <>
Subject [jira] [Commented] (MNG-6276) Support reproducible builds
Date Sat, 07 Oct 2017 14:14:03 GMT


Hervé Boutemy commented on MNG-6276:

thank you [~Zlika] for the followup: let's continue

we need to find a property name that everybody will agree upon: "reproducible" does not gain
momentum yet, nor "idempotent", nor "deterministic"
Re-reading, which seems a good starting point, what about
To me, finding an agreed property name is the only requirement to fix MSHARED-661, which one
of the easiest part to code, then a good concrete first change to do.

To me, finding the right term is not just a detail, but a question of determining the right
objective: looking at MSHARED-661, by removing timestamps, the build can be deterministic
and idempotent on my personal machine, but our requirement is also that _someone else_ with
a "decently near" configuration will get the bit-for-bit same result (then removing username
avoids some stupid constraints on build environment configuration)

A general question: is there some writing somewhere on what are the issues in a basic java
build? (by "basic" I mean that no advanced build tool like Maven and plugins adds more variable
The first strong issue I see for example in basic builds is _timestamps for files in jars/wars/zips_
Is there something on the precise JDK version used? or compiler? If I build with JDK 8 with
target 6, do I get the same .class than with JDK 6? If I build with OpenJDK or IBM JDK or
Eclipse compiler or jikes, do I get the same result as with Oracle JDK?

Notice I just added a new entry in
to track this proposal: I'll add a dedicated Wiki page to gather requirements, which will
probably be useful on a long term documentation purpose in addition to our discussion in this
Jira issue...

> Support reproducible builds
> ---------------------------
>                 Key: MNG-6276
>                 URL:
>             Project: Maven
>          Issue Type: New Feature
>          Components: core, General
>            Reporter: Paolo Sacconier
> A venerable build system like maven should support full build reproducibilty (i.e. producing
bit a bit identical binaries from the same source).
> As initiatives like gain traction and the news of the
recent Debian policy change to mandate this build behavior (see,
this seems a feature that needs to be considered for inclusion into maven core & core
> There is an independent ongoing effort to support this feature and the author stated
that he has found interest from maven project to integrate his work:
> I hope this issue helps kickstart the effort.

This message was sent by Atlassian JIRA

View raw message