maven-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Hervé Boutemy (JIRA) <>
Subject [jira] [Commented] (MSHARED-661) Make "Built-By", "Built-Jdk" and "Created-By" Manifest entries optional for reproducible builds
Date Sun, 08 Oct 2017 13:13:00 GMT


Hervé Boutemy commented on MSHARED-661:

from the beginning, I like these manifest entries since they give you info on some key facts
the binary was done: I like traceability

with Reproducible/Verifiable Builds
, the general logic completely change with IMHO a more accurate strategy: it's not just about
traceability, but verifiability

when you have verifiable builds, traceability of such details are not useful

we don't have verifiable builds yet: that's why simply removing traceability is for me a little
bit too early
but adding an option to drop some traceability when you're working on verifiability, when
traceability is causing issues to verifiability, is an approach I find consistent, isn't it?

> Make "Built-By", "Built-Jdk" and "Created-By" Manifest entries optional for reproducible
> -----------------------------------------------------------------------------------------------
>                 Key: MSHARED-661
>                 URL:
>             Project: Maven Shared Components
>          Issue Type: New Feature
>          Components: maven-archiver
>            Reporter: Zlika
>            Priority: Minor
> Maven-archiver automatically creates "Built-By", "Build-Jdk" and "Created-By" Manifest
entries. In the frame of a reproducible build (cf. MNG-6276) these entries make the build
not reproducible.
> Maven-archiver should propose an option to disable the creation of these non-reproducible
manifest entries.

This message was sent by Atlassian JIRA

View raw message