Make Beam released artifacts reproducible #18480

@kennknowles

Description

There is a recent movement to create a verifiable path from source code to binary releases in different open source projects. See http://reproducible-builds.org/
For the case of Java binaries (classes and jars), if we want to have a reproducible build, we need to have a consistent build environment so we can reproduce those.

For Beam we need to create an environment with a fixed version of the Java compiler, Maven and its plugins. This is addressed by BEAM-1534, but also by including the JDK/Maven versions used to generate the jar artifacts in the information to validate at the vote. Additionally, we need to fix the jar files because by default the maven-jar-plugin includes the timestamp of the build in the files, which breaks the reproducibility of the process. Fortunately, there is a Maven plugin that fixes this and that we can include in the release build.

Imported from Jira BEAM-2727. Original Jira may contain additional context.
Reported by: iemejia.
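
The timestamp problem described in the issue, as an added example that is not part of the original issue or of Beam's build: two jars packaged from identical inputs at different times hash differently, and rewriting them with a fixed timestamp and entry order makes the hashes match. Entry names, contents and build times are constructed, and `normalize_jar` and `compare_jars` are hypothetical helpers, not the Maven plugin the issue mentions.

```python
import hashlib
import io
import zipfile

# Constructed sample content standing in for a manifest and a compiled class.
SAMPLE_ENTRIES = {
    "org/example/Hello.class": b"\xca\xfe\xba\xbe constructed class bytes",
    "META-INF/MANIFEST.MF": b"Manifest-Version: 1.0\r\n\r\n",
}
FIXED_TIME = (1980, 1, 1, 0, 0, 0)  # earliest timestamp the ZIP format can store


def build_jar(entries, build_time):
    """Package entries as a default build would: each one stamped with the build time."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        for name, data in entries.items():
            info = zipfile.ZipInfo(name, date_time=build_time)
            info.compress_type = zipfile.ZIP_DEFLATED
            jar.writestr(info, data)
    return buf.getvalue()


def normalize_jar(jar_bytes):
    """Rewrite a jar with sorted entries, a fixed timestamp and fixed permissions."""
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as src, zipfile.ZipFile(out, "w") as dst:
        for name in sorted(src.namelist()):
            info = zipfile.ZipInfo(name, date_time=FIXED_TIME)
            info.compress_type = zipfile.ZIP_DEFLATED
            info.external_attr = 0o644 << 16
            dst.writestr(info, src.read(name))
    return out.getvalue()


def sha256(data):
    return hashlib.sha256(data).hexdigest()


def compare_jars(jar_a, jar_b):
    """Classify a mismatch the way a release verifier would want to see it."""
    if jar_a == jar_b:
        return "identical"
    if normalize_jar(jar_a) == normalize_jar(jar_b):
        return "metadata-only"  # same files, different timestamps/order/permissions
    return "content-differs"    # at least one packaged file really changed


if __name__ == "__main__":
    first = build_jar(SAMPLE_ENTRIES, (2017, 8, 4, 10, 0, 0))
    second = build_jar(SAMPLE_ENTRIES, (2017, 8, 4, 10, 5, 30))
    print(sha256(first) == sha256(second), compare_jars(first, second))
```

A "metadata-only" result is the case the issue is about: the packaged files are the same, but a byte-for-byte comparison of the released jar against a rebuild still fails.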
