Package: strip-nondeterminism
Severity: wishlist

It would be nice for strip-nondeterminism to ignore signed JARs (but
print a warning), since its modifications will break the signature.

According to the jarsigner(1) man page, a signed JAR will have .DSA
and .SF files in the META-INF, so we can look for those.

An example of a signed JAR can be found in

Reproducible-builds mailing list

Reply via email to