cyclonedx-dotnet icon indicating copy to clipboard operation
cyclonedx-dotnet copied to clipboard

Published 20 hours ago verified publisher icon CycloneDX

Builds should be deterministic

Open coderpatros opened this issue 5 years ago • 3 comments

This probably depends on #174 being resolved first.

This would enable users of this implementation to verify what has been published to nuget matches the relevant commit tag.

coderpatros avatar Jul 01 '20 03:07 coderpatros

Thinking about this some more this doesn't depend on #174. If we changed to using a dockerfile for release builds users could check out a particular version and re-run the build quite easily. Although a helper script which also downloaded the corresponding nuget package version would be handy.

coderpatros avatar Jul 01 '20 04:07 coderpatros

From my experiments with this it’s not straightforward. And is dependent on a couple of things that the .NET team are currently working on.

coderpatros avatar Jul 11 '20 03:07 coderpatros

This issue is stale because it has been open for 3 months with no activity.

github-actions[bot] avatar Jan 21 '24 02:01 github-actions[bot]