Disclaimer: The content below is for informational purposes only, you should not construe any such information or other material as legal, tax, investment, financial, or other advice. The content below is provided for educational purposes only, and not indicative of future performance. You should do your own research and consult a regulated financial advisor in matters of personal investment.
The other day I needed to verify that my machine had built a JAR file correctly by comparing it to another build on a
different machine. I noted the SHA1 hash of the original, built it again and the two were different. The source code was
identical since the git commit fingerprint was the same.
As regular readers will be aware, I do a lot of work within the Bitcoin community contributing code wherever I can.
Recently an interesting problem came up with the Bitcoinj library which has
highlighted a particular weakness within Maven that I feel more developers should be aware of: the dependency-chain