Hi,

On 10.01.2025 00:04, Herve Boutemy wrote:
> -0
>
> as I feared, same issue as Commons Release Plugin 1.9.0 RC1: wrong component hash in SBOM (in this case, it's one dependency: commons-codec)

-0

Same problem: the SBOMs are not reproducible.

I also wonder if we really need to publish the `test.jar` and `test-sources.jar`. I don't believe these are useful for users and they contain a 30 MiB test CSV file.

Piotr

