In addition to these instructions, I'd like voters to check Reproducible Build and report: to do so
1. please install locally maven-buildinfo-plugin https://github.com/apache/maven-studies/tree/maven-buildinfo-plugin 2. use JDK 7 and any Unix and build with "mvn -Papache-release,run-its -Dgpg.skip verify buildinfo:save"
If you are building on Windows, please add "-Dline.separator="\n""...
3. check the content of maven-release-policies/maven-release-semver-policy/target/aggregate.buildinfo against reference in attachment
Your should get the same sha512, even if you don't have exactly the same OS or JDK version.
Please share your results
On reproducibility test, I took time to install a JDK 7 on my Mac and test, and the results are not as good as expected:
- sources.jar are all different, because of a different order of META-INF/LICENSE DEPENDENCIES and NOTICE
- maven-release-plugin-3.0.0-M1.jar is different, just because I forgot to upgrade maven-plugin-tools (using version 3.2 which puts a date in generated xml)
- maven-release-manager-3.0.0-M1.jar is different because I forgot to upgrade plexus-components-metadata
Then 2 stupid plugins upgrade forgotten and one issue to dig into regarding the files in META-INF
But this is going in the right direction
----- Mail original -----
De: "Enrico Olivelli" <[hidden email]>
À: "Maven Developers List" <[hidden email]>
Envoyé: Mercredi 11 Décembre 2019 16:59:31
Objet: Re: [VOTE] Release Apache Maven Release Plugin version 3.0.0-M1