maven-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Michael Osipov (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (MSHARED-661) Make "Built-By", "Built-Jdk" and "Created-By" Manifest entries optional for reproducible builds
Date Wed, 08 Aug 2018 08:57:00 GMT

    [ https://issues.apache.org/jira/browse/MSHARED-661?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16572899#comment-16572899
] 

Michael Osipov commented on MSHARED-661:
----------------------------------------

bq. I think it's fine to keep the Created-By and Built-Jdk attributes for now until another
way of capturing the build environment is agreed upon. The Built-By attribute on the other
hand should be removed right off, the identity of the person creating the artifact is already
known with the GPG signature anyway.

I fully agree.

> Make "Built-By", "Built-Jdk" and "Created-By" Manifest entries optional for reproducible
builds
> -----------------------------------------------------------------------------------------------
>
>                 Key: MSHARED-661
>                 URL: https://issues.apache.org/jira/browse/MSHARED-661
>             Project: Maven Shared Components
>          Issue Type: New Feature
>          Components: maven-archiver
>            Reporter: Zlika
>            Priority: Minor
>
> Maven-archiver automatically creates "Built-By", "Build-Jdk" and "Created-By" Manifest
entries. In the frame of a reproducible build (cf. MNG-6276) these entries make the build
not reproducible.
> Maven-archiver should propose an option to disable the creation of these non-reproducible
manifest entries.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message