here is my +1 I checked the binary jar against different new local builds in misc JDK conditions to improve my understanding of artifact verifiability [1], using diffoscope
The results are: - using JDK 7 (as I used during the release staging), differences are as expected stupid ones (timestamps, order of files in .jar, order in components.xml) - using any other major JDK version (6, 8 or 9), .class content is different (sometimes just a little bit, sometimes really really different) I did not try yet to check against multiple minor versions of JDK 7 (or Oracle JDK vs Open JDK vs IBM JDK vs Eclipse JDT) nor multiple OS, but it seems we should at least record the major version of the JDK used to do the release to improve verifiability When voting on this artifact, it would be nice if you could check diffoscope result when using your personal version of JDK 7 and report differences to improve the analysis FYI, my detailed configuration during release preparation was: Apache Maven 3.5.0 (ff8f5e7444045639af65f6095c62210b5713f426; 2017-04-03T21:39:06+02:00) Java version: 1.7.0_80, vendor: Oracle Corporation Default locale: fr_FR, platform encoding: UTF-8 OS name: "linux", version: "4.10.0-37-generic", arch: "amd64", family: "unix" Regards, Hervé [1] https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=74682318 Le vendredi 13 octobre 2017, 02:09:58 CEST Hervé BOUTEMY a écrit : > Hi, > > We solved 3 issues: > https://issues.apache.org/jira/secure/ReleaseNote.jspa? > projectId=12317922&version=12338621 > > Staging repo: > https://repository.apache.org/content/repositories/maven-1372 > https://repository.apache.org/content/repositories/maven-1372/org/apache/ > maven/reporting/maven-reporting-exec/1.4/maven-reporting-exec-1.4-source- > release.zip > > Source release checksum(s): > maven-reporting-exec-1.4-source-release.zip sha1: > c1f3c12a24ec4513f5adbb4152ec6a314f0c4a2b > > Staging site: > http://maven.apache.org/shared-archives/maven-reporting-exec-LATEST/ > > Guide to testing staged releases: > https://maven.apache.org/guides/development/guide-testing-releases.html > > Vote open for at least 72 hours. > > [ ] +1 > [ ] +0 > [ ] -1 > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org > For additional commands, e-mail: dev-h...@maven.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org
