[
https://issues.apache.org/jira/browse/FOP-3318?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18082980#comment-18082980
]
Sean Gilligan commented on FOP-3318:
------------------------------------
For reference here is the patch we made in Nixpkgs:
https://github.com/NixOS/nixpkgs/pull/522916
Since this is a patch, we didn't define `properties` for the versions.
> Define Maven plugin versions to guarantee build reproducibility
> ---------------------------------------------------------------
>
> Key: FOP-3318
> URL: https://issues.apache.org/jira/browse/FOP-3318
> Project: FOP
> Issue Type: Improvement
> Affects Versions: 2.11
> Reporter: Sean Gilligan
> Priority: Major
>
> The root pom.xml does not define versions for the following plugins:
> * maven-site-plugin
> * maven-clean-plugin
> * maven-install-plugin
> * maven-deploy-plugin
> * maven-resources-plugin
> * maven-dependency-plugin
> * maven-assembly-plugin
> It is a best practice in Maven-based projects to define these versions as
> otherwise they are determined by the version of Maven being used and can fail
> `offline` builds used by package managers like Nix and Guix.
> The Maven Enforcer plugin is also recommended to verify that no plugins are
> left unspecified.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
