RFR: 8238650: Allow to override buildDate with SOURCE_DATE_EPOCH
kcr at openjdk.java.net
Tue Feb 25 18:20:07 UTC 2020
On Tue, 25 Feb 2020 18:15:31 GMT, Bernhard M. Wiedemann <github.com+637990+bmwiedemann at openjdk.org> wrote:
>>> FWIW, I have scripts that will unpack the modular jar files and diff each class
>> I agree that such specialized diff tools have some value, yet, there are also some limitations and downsides to them. E.g. you cannot simply tell another party what the expected sha256sum of a build result is.
>> https://www.suse.com/c/?p=42014 also has a section on problems with "the use of specialized comparison tools like [openSUSE's] ‘build-compare‘ "
>> I probably should write an FAQ entry about that topic...
>>> each released build is necessarily going to be different because you want a unique time stamp and build number associated with it.
>> For release builds, it is important that other people can take the released sources and reproduce the same original binaries with the same release number (and ideally same timestamps) to easily verify that the build was clean (not corrupted by bad CPUs/RAM/HDDs or someone messing with the build machine).
>> I heard, some people even use that to save network bandwidth: add a small patch locally+remotely, build it locally, tell the world the new build hash, but have others upload their binaries with the right hash.
> Hi, did you find time to review this?
No, I'm pretty backed up on reviews. It's on my queue, though.
More information about the openjfx-dev