
The goal of this proposal is to prepare a set of configurations and practices that give reproducible/verifiable builds at packaging time, both by enhancing Java's natural build behaviour and by removing some of the variability introduced by some Maven plugins (core plugins at first, but also plugins in the wider Maven ecosystem).

Use cases

  1. As a user of artifacts published on repositories like Maven Central, I want to be able to check that the binary version of the artifact matches its source version. From a software QA point of view, this would make it possible to detect quality problems in the build/publish process. From a computer security point of view, this would make it possible to detect the introduction of a backdoor during the build/publish process.
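
As an added illustration of this use case (not part of the proposal and not Maven tooling): a JAR rebuilt from source is compared with the published one, separating archive-metadata differences (entry order, timestamps) from differences in entry content. The helper names `make_jar` and `compare_jars`, the entry names and the entry bytes are constructed for the example.

```python
import hashlib
import io
import zipfile


def make_jar(entries, date_time):
    """Build an in-memory JAR (zip) from (name, bytes) pairs with one fixed mtime."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries:
            zf.writestr(zipfile.ZipInfo(name, date_time=date_time), data)
    return buf.getvalue()


def sha256(data):
    return hashlib.sha256(data).hexdigest()


def compare_jars(published, rebuilt):
    """Classify two JARs as identical, differing in metadata only, or in content."""
    if sha256(published) == sha256(rebuilt):
        return {"verdict": "identical", "content": [], "metadata": []}
    with zipfile.ZipFile(io.BytesIO(published)) as a, \
         zipfile.ZipFile(io.BytesIO(rebuilt)) as b:
        names_a, names_b = a.namelist(), b.namelist()
        content = sorted(set(names_a) ^ set(names_b))  # entries on one side only
        metadata = []
        if not content and names_a != names_b:
            metadata.append("entry order")
        for name in sorted(set(names_a) & set(names_b)):
            if sha256(a.read(name)) != sha256(b.read(name)):
                content.append(name)  # the packaged bytes themselves differ
            elif a.getinfo(name).date_time != b.getinfo(name).date_time:
                metadata.append("timestamp: " + name)
    if not content and not metadata:
        metadata.append("other archive metadata")
    verdict = "content differs" if content else "metadata only"
    return {"verdict": verdict, "content": sorted(content), "metadata": metadata}


# Constructed sample: the same two entries packaged in different ways.
ENTRIES = [("META-INF/MANIFEST.MF", b"Manifest-Version: 1.0\n"),
           ("org/example/App.class", b"\xca\xfe\xba\xbe constructed class bytes")]
T0 = (2020, 1, 1, 0, 0, 0)
PUBLISHED = make_jar(ENTRIES, T0)
SAME = make_jar(ENTRIES, T0)                            # bit-for-bit rebuild
RETIMED = make_jar(ENTRIES[::-1], (2020, 1, 2, 10, 30, 0))  # same content, new order and mtime
TAMPERED = make_jar([ENTRIES[0], (ENTRIES[1][0], ENTRIES[1][1] + b" extra")], T0)
```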

Sources of unreproducible bits

...