maven-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Hervé Boutemy (JIRA) <>
Subject [jira] [Commented] (MNG-6276) Support reproducible builds
Date Sun, 27 Aug 2017 14:38:00 GMT


Hervé Boutemy commented on MNG-6276:

Hi [~Zlika],
Good to see you there after Devoxx FR 2016 (already more than 1 year ago...): thanks [~psacc]
for bringing the issue here :)

As discussed with [~Zlika] at Devoxx, reproducible builds have advantages breaks "tagging"
features that were intended: then it should probably be opt-in, since one will have to choose
between 2 interesting behaviours (reproducible build vs intentionally tagged build)

And this op-in feature will have to be supported by many plugins: then we'll need to define
a convention to enable/disable this feature and get plugins to implement it (Maven core plugins
and also non-core plugins)

Defining this as a property with a conventional name seems the way to go. We already have
such conventional properties, like {{}} for source file encoding
as documented in

The first step will be to define a name and document it, for example in Maven Wiki like source
Then we'll have to see what plugins require to be modified to support this option: like source
encoding, we can maintain a list in the wiki with pointers.

Ok for everybody?

First is the property name: something like {{}}?
Should it be a boolean? With default value as false, and requires {{true}} to activate: that
would be quite natural.
Should it be a timestamp, since a lot of plugins will have to set a timestamps to files, and
you'll need a way to define the conventional timestamp value for a build (or let any build
have the same timestamp).

Any preference from people who have already worked on the topic?

> Support reproducible builds
> ---------------------------
>                 Key: MNG-6276
>                 URL:
>             Project: Maven
>          Issue Type: New Feature
>          Components: core, General
>            Reporter: Paolo Sacconier
> A venerable build system like maven should support full build reproduibilty (i.e. producing
bit a bit identical binaries from the same source).
> As initiatives like gain traction and the news of the
recent Debian policy change to mandate this build behavior (see,
this seems a feature that needs to be considered for inclusion into maven core.
> There is an indipendent ongoing effort to support this feature and the author stated
that he has found interest from maven project to integrate his work:
> I hope this issue helps kickstart the effort.

This message was sent by Atlassian JIRA

View raw message