On 2025/01/10 08:38:57 "Piotr P. Karwasz" wrote:
> Hi,
>
> On 10.01.2025 00:04, Herve Boutemy wrote:
> > -0
> >
> > as I feared, same issue as Commons Release Plugin 1.9.0 RC1: wrong
> > component hash in SBOM (in this case, it's one dependency: commons-codec)
>
> -0
>
> Same problem: the SB
On 2025/01/10 01:32:55 Gary Gregory wrote:
> On Thu, Jan 9, 2025 at 6:05 PM Herve Boutemy wrote:
> >
> > -0
> >
> > as I feared, same issue as Commons Release Plugin 1.9.0 RC1: wrong
> > component hash in SBOM (in this case, it's one dependency: commons-codec)
> >
> > When I read
> > > Built u
> Are you sure install is not needed with multi-module builds?
yes: this issue existed sometimes with Maven 2
but starting with Maven 3, reactor inter-module resolution works flawlessly
Regards,
Hervé
On 2025/01/09 23:56:38 sebb wrote:
> On Thu, 9 Jan 2025 at 23:04, Herve Boutemy wrote:
> >
> >
On Fri, Jan 10, 2025, 17:54 sebb wrote:
> On Fri, 10 Jan 2025 at 22:34, Gary Gregory wrote:
> >
> > On Fri, Jan 10, 2025 at 4:07 PM sebb wrote:
> > >
> > > On Fri, 10 Jan 2025 at 01:25, Gary Gregory
> wrote:
> > > >
> > > > Hi Sebb,
> > > >
> > > > It's not a hack but the Maven way of providin
On Fri, 10 Jan 2025 at 22:34, Gary Gregory wrote:
>
> On Fri, Jan 10, 2025 at 4:07 PM sebb wrote:
> >
> > On Fri, 10 Jan 2025 at 01:25, Gary Gregory wrote:
> > >
> > > Hi Sebb,
> > >
> > > It's not a hack but the Maven way of providing reproducible builds as
> > > documented here:
> > > https://
On Fri, Jan 10, 2025 at 4:07 PM sebb wrote:
>
> On Fri, 10 Jan 2025 at 01:25, Gary Gregory wrote:
> >
> > Hi Sebb,
> >
> > It's not a hack but the Maven way of providing reproducible builds as
> > documented here:
> > https://maven.apache.org/guides/mini/guide-reproducible-builds.html
>
> I see.
On Fri, 10 Jan 2025 at 01:25, Gary Gregory wrote:
>
> Hi Sebb,
>
> It's not a hack but the Maven way of providing reproducible builds as
> documented here:
> https://maven.apache.org/guides/mini/guide-reproducible-builds.html
I see. Still seems like a hack to me.
Presumably the date can be chang
On Fri, Jan 10, 2025 at 3:40 AM Piotr P. Karwasz
wrote:
>
> Hi,
>
> On 10.01.2025 00:04, Herve Boutemy wrote:
> > -0
> >
> > as I feared, same issue as Commons Release Plugin 1.9.0 RC1: wrong
> > component hash in SBOM (in this case, it's one dependency: commons-codec)
>
> -0
>
> Same problem: th
I have:
* checked out git tag commons-csv-1.13.0-RC1
* verified it corresponds to f2f1cffe53cde4b36623403bdc27855cec01fac2
* downloaded source zip and tgz
* verified the hashes match
139a40878b45027d2b7b481eb0ec51f829c155747b096b4acb639ee18acc2b4c994232d623cd2bdf84d8147ec96a4cf9b327567435f2806f0dc9
Hi,
On 10.01.2025 00:04, Herve Boutemy wrote:
-0
as I feared, same issue as Commons Release Plugin 1.9.0 RC1: wrong component
hash in SBOM (in this case, it's one dependency: commons-codec)
-0
Same problem: the SBOMs are not reproducible.
I also wonder if we really need to publish the `tes
Hi sebb,
On 10.01.2025 00:56, sebb wrote:
On Thu, 9 Jan 2025 at 23:04, Herve Boutemy wrote:
When I read
Built using: mvn clean install site -s "$HOME/.m2/commons-settings.xml"
install should seriously be avoided when voting, but verify or package
Are you sure install is not needed with mult
11 matches
Mail list logo
