Christofer Dutz created PLC4X-148:
-------------------------------------
Summary: Update the build to allow reproducible builds
Key: PLC4X-148
URL: https://issues.apache.org/jira/browse/PLC4X-148
Project: Apache PLC4X
Issue Type: New Feature
Affects Versions: 0.5.0
Reporter: Christofer Dutz
Assignee: Christofer Dutz
Fix For: 0.6.0
The maven team are currently releasing new versions of maven plugins which
would allow to create reproducible builds.
This would have a huge benefit as when releasing binary artifacts both the PMC
as well as users don't have the means to verify the binaries were actually
build form exactly the sources they are voting on.
With reproducible builds it would be possible to add one step of verification
to the release verification where the locally built artifacts are checked for
binary equality with the staged artifacts.
Also users could possibly buld the source release and compare those results
with the artifacts in their companies repos hereby adding another level of
certainty.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
