gus-asf commented on PR #12096: URL: https://github.com/apache/lucene/pull/12096#issuecomment-1399171309
I don't understand what you mean by differentiate artifacts for the same commit hash. How would a time stamp do this? If they are different artifacts the contents and the name are all different, and a timestamp doesn't actually tell you which is which anyway. If they are the "same" artifact from the same commit hash, every bit of difference is a bad thing, creating doubt about whether or not they are actually equivalent. The point of repeatability is that if you build the same artifact from the same commit hash it should contain the same bytes in the same order and the sha/md5 hashes should be the same. Putting timestamps and usernames in the files makes them non-reproducible (there's also some question of how much detail about the build OS is worth while for this too, but that's a harder question) So adding information that tells the user what conditions are necessary to reproduce the artifact is good (JDK, OS, etc) but adding a timestamp that they can't ever hope to reproduce (without mindless post processing doesn't help. As I said it would only be progress towards a goal which takes additional changes to realize. For example zips and jars also embed time stamps, but there are ways of dealing with that... https://wiki.debian.org/ReproducibleBuilds/TimestampsInZip In any case this is a set of folks who's arguments seemed persuasive to me: https://reproducible-builds.org/ -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org For additional commands, e-mail: issues-h...@lucene.apache.org
