[rb-general] Reproducible Java builds with Maven

Holger Levsen holger at layer-acht.org
Tue Nov 27 15:58:04 CET 2018


On Tue, Nov 27, 2018 at 12:26:33PM +0100, Arnout Engelen wrote:
> Buildinfo is more of a general concept rather than a well-defined specifciation,
> what it looks like exactly will probably vary per 'ecosystem'.
indeed. though we should have a specification about what .buildinfo file
should describe and how. what we probably cannot specify is the format
itself, as this will vary between projects based on what other file
types they generally use. (eg Debian uses rfc822 files for many
purposes, so Debian .buildinfo files also follow rfc822. if some other
project OTOT use .yaml for everything it will make more sense to use
.yaml for .buildinfo files than rfc822...)

> Some words on its purpose and the conventions adopted by Debian, Arch and Tails
> can be found at https://reproducible-builds.org/docs/recording/ .

Thank you for giving this pointer here.

> For
> Scala for now
> I generally followed the layout from the Debian approach.

wow :)

> > Then it seems the way we look at this topic is quite different when you think
> > as a Linux distribution manager or as a Java/Maven user publishing to Maven
> > Central = what I'm looking first as Maven developer.
> >
> > Should we start by defining a convention for anybody to publish a Buildinfo

yes, please!


       PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.reproducible-builds.org/pipermail/rb-general/attachments/20181127/f92b1614/attachment.sig>

More information about the rb-general mailing list