Rémy Sanlaville wrote:
Hi,
I would like to make sure that my project build is reproducible.
For instance, I want to be sure that I can package again a tagged version.
So I am looking for a tools that can compare two package (two jar, two war,
two ear...) and eventually shows the potential differences.
Do you know if a such tools exists ?
In order two verify if two package are identical, I was thinking of
generating and comparing the corresponding checksum (md5 or sha1) .
Do you think that it would be good enough ?
Comparing checksums can be a bad strategy if any of your build artifacts
are crypographically signed or otherwise include data which might
legitimately vary from build to build because it is time dependent or
actually includes date or time stamps.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
