[
https://issues.apache.org/jira/browse/PLC4X-148?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Christofer Dutz resolved PLC4X-148.
-----------------------------------
Resolution: Fixed
Should be possible now ... might need some fine-tuning, but in general it
should work.
> Update the build to allow reproducible builds
> ---------------------------------------------
>
> Key: PLC4X-148
> URL: https://issues.apache.org/jira/browse/PLC4X-148
> Project: Apache PLC4X
> Issue Type: New Feature
> Affects Versions: 0.5.0
> Reporter: Christofer Dutz
> Assignee: Christofer Dutz
> Priority: Major
> Fix For: 0.6.0
>
>
> The maven team are currently releasing new versions of maven plugins which
> would allow to create reproducible builds.
> This would have a huge benefit as when releasing binary artifacts both the
> PMC as well as users don't have the means to verify the binaries were
> actually build form exactly the sources they are voting on.
> With reproducible builds it would be possible to add one step of verification
> to the release verification where the locally built artifacts are checked for
> binary equality with the staged artifacts.
> Also users could possibly buld the source release and compare those results
> with the artifacts in their companies repos hereby adding another level of
> certainty.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
