hboutemy
commented
2 years ago trying to analyze: issue happens only with exclusions in dependencies flatten-plugin writes the pom with MavenXpp3Writer class that writes exclusions in a reproducible way: https://maven.apache.org/ref/3.8.5/maven-model/xref/org/apache/maven/model/io/xpp3/MavenXpp3Writer.html#L766 BUT the class itself does not do the same order before and after 3.8.1: for example in Maven 3.6.3 (that is used by rebuild.sh), order is opposite https://maven.apache.org/ref/3.6.3/maven-model/xref/org/apache/maven/model/io/xpp3/MavenXpp3Writer.html#L766
consequences:
- no issue in flatten-maven-plugin
- it's a question of choice of Maven version: with 3.8.2+, it writes groupId then artifactId, with 3.8.1- it writes artifactId then groupId
for example exclusions gavs in https://github.com/jvm-repo-rebuild/reproducible-central/blob/master/content/org/apache/camel/camel/camel-3.13.0.diffoscope