Affected version
3.5.0
Bug description
Due to #73, manifests generated via toolchain are populated with two additional entries (Build-Jdk-Spec and Build-Tool-Jdk-Spec); despite their informative usefulness, they violate the principles of reproducible builds:
Build-Jdk-Spec is acceptable only if a project pins a specific JDK version in its toolchain configuration, otherwise it may vary across build environments!
Build-Tool-Jdk-Spec is straightforwardly harmful, as it records the JDK running Maven itself, which is entirely independent from the build configuration!
Expected behavior
To ensure reproducible builds, it is fundamental to give users the ability to exclude such entries, tying them to the addBuildEnvironmentEntries configuration parameter.
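An added example, not part of the original report or the project's code: this Python script compares the main sections of the MANIFEST.MF files from two builds and separates differences in the two entries named above from any other difference. The manifest text is constructed, and it assumes a toolchain pinned to JDK 17 with Maven itself running on JDK 21 in one environment and JDK 17 in the other.

```python
# Entries the report identifies as build-environment dependent.
ENV_KEYS = {"Build-Jdk-Spec", "Build-Tool-Jdk-Spec"}

def parse_main_section(text):
    """Parse the main section of a MANIFEST.MF, joining continuation lines."""
    attrs, key = {}, None
    for line in text.replace("\r\n", "\n").split("\n"):
        if not line:
            if attrs:          # a blank line ends the main section
                break
            continue           # tolerate leading blank lines
        if line.startswith(" ") and key is not None:
            attrs[key] += line[1:]   # continuation: drop the single leading space
        else:
            key, _, value = line.partition(": ")
            attrs[key] = value
    return attrs

def diff_manifests(a_text, b_text):
    """Return {name: (value_in_a, value_in_b)} for attributes that differ."""
    a, b = parse_main_section(a_text), parse_main_section(b_text)
    return {k: (a.get(k), b.get(k))
            for k in sorted(set(a) | set(b)) if a.get(k) != b.get(k)}

def classify(diff):
    """Split differences into environment entries and all other attributes."""
    env = {k: v for k, v in diff.items() if k in ENV_KEYS}
    other = {k: v for k, v in diff.items() if k not in ENV_KEYS}
    return env, other

# Constructed sample manifests (not taken from a real build).
COMMON = (
    "Manifest-Version: 1.0\r\n"
    "Created-By: constructed-sample\r\n"
    "Implementation-Title: a-constructed-title-long-enough-to-wrap-onto-the\r\n"
    " -next-line\r\n"
    "Build-Jdk-Spec: 17\r\n"
)
BUILD_A = COMMON + "Build-Tool-Jdk-Spec: 21\r\n\r\n"
BUILD_B = COMMON + "Build-Tool-Jdk-Spec: 17\r\n\r\n"

if __name__ == "__main__":
    env, other = classify(diff_manifests(BUILD_A, BUILD_B))
    for name, (a, b) in env.items():
        print(f"environment entry differs: {name}: {a!r} vs {b!r}")
    for name, (a, b) in other.items():
        print(f"other attribute differs: {name}: {a!r} vs {b!r}")
```

If only environment entries differ, the two artifacts would be byte-identical once those entries can be excluded.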