Package: strip-nondeterminism Severity: wishlist It would be nice for strip-nondeterminism to ignore signed JARs (but print a warning), since its modifications will break the signature.
According to the jarsigner(1) man page, a signed JAR will have .DSA and .SF files in the META-INF, so we can look for those. An example of a signed JAR can be found in git://git.kali.org/packages/dirbuster.git _______________________________________________ Reproducible-builds mailing list Reproducible-builds@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/reproducible-builds