Arnout Engelen · Arnout Engelen · 573dd7fa · 573dd7fa
--- a/_docs/jvm.md
+++ b/_docs/jvm.md
@@ -4,6 +4,10 @@ layout: docs
 permalink: /docs/jvm/
 ---

+The conventions for the JVM ecosystem are under active development.
+Join the discussion on the
+[mailinglist]({{ "/docs/contribute/" | prepend: site.baseurl }}).
+
 The JVM ecosystem provides many languages and build tools.
 Since the JVM is not reproducible-friendly from the beginning
 -- jar/zip files, with files order and timestamp, are a first natural source of variation --,
@@ -15,18 +19,21 @@ Buildinfo File
 Whatever the build tool is, binary JVM artifacts are generally published in artifact repositories
 like [Maven Central](https://search.maven.org/) or [Google's Android Repository](https://dl.google.com/dl/android/maven2/index.html).

-Being able to rebuild artifacts published in these repositories will require some information: where to get the source tarball from,
+Being able to rebuild artifacts published in these repositories will require some information: where to get the sources from,
 which environment to setup to rebuild the artifacts.

 This is the puropse of JVM Buildinfo files that are expected to be published alongside artifacts
-as `${artifactId}-${version}.buildinfo`, in Java properties format:
+as `${artifactId}-${version}.buildinfo`, in
+[Java properties format](https://en.wikipedia.org/wiki/.properties).
+For multi-module builds, each produced artifact will have its
+own buildinfo file:


 ```
 #### Work In Progress ####
 name=<name as in pom.xml>
-groupId=<groupId as in pom.xml>
-artifactId=<artifactId as in pom.xml>
+group-id=<groupId as in pom.xml>
+artifact-id=<artifactId as in pom.xml>
 version=<version as in pom.xml>

 # source information, as source tarball in repository and/or scm coordinates
@@ -37,14 +44,21 @@ scm.tag=<source control management tag as in pom.xml>
 # build environment information
 java.version=<full Java version>
 build-tool=<mvn|sbt|...>
-# sbt-specific information
+
+# Each build tool or plugin is free to add additional entries to the buildinfo.
+# For example, the sbt plugin may add the following for Scala:
 sbt.version=1.2.3
 scala.version=2.12.6

-# output
-1.filename=<file name>
-1.length=<file size>
-1.sha512=<sha512>
+# A buildinfo file can contain checksums for multiple output files, for
+# example for the main jar and the accompanying pom.xml:
+outputs.0.filename=<file name>
+outputs.0.length=<file size>
+outputs.0.checksums.sha512=<sha512>
+outputs.1.filename=<file name>
+outputs.1.length=<file size>
+outputs.1.checksums.sha512=<sha512>
+...
 ```

 Notice that `${artifactId}-${version}-sources.jar` files published in Maven repositories are not buildable sources, but [sources for IDEs](https://central.sonatype.org/pages/requirements.html#supply-javadoc-and-sources).
@@ -57,5 +71,10 @@ Reproducible Builds for Maven

 See [https://reproducible-maven-builds.github.io/](https://reproducible-maven-builds.github.io/).

-Reproducible Builds for Scala SBT
---------------------------------
+Reproducible Builds for sbt
+---------------------------
+
+When using [sbt](https://www.scala-sbt.org/), a build tool popular with Scala
+projects, you can use the
+[sbt-reproducible-builds](https://github.com/raboof/sbt-reproducible-builds)
+plugin to strip your artifacts and share buildinfo information.
--- a/_docs/recording.md
+++ b/_docs/recording.md
@@ -57,41 +57,13 @@ necessary to reproducibly rebuild that revision of Tails.

 ### JVM

-The buildinfo conventions for the JVM ecosystem are under active development.
-Join the discussion on the
-[mailinglist]({{ "/docs/contribute/" | prepend: site.baseurl }}).
-
-The format for buildinfo files in the JVM ecosystem is a
-[.properties file](https://en.wikipedia.org/wiki/.properties).
-For multi-module builds, each produced artifact will have its
-own buildinfo file.
-
-Common keys are:
-
-|key|meaning|
-|-|-|
-|name|Name of the packaged entity|
-|group-id|Corresponds to the Maven group id or Ivy organization|
-|artifact-id|Corresponds the the Maven artifact id or Ivy artifact name
-|version|Version of the software|
-|java.version|Version of Java used to build the software|
-|build-tool|Name of the build tool used to build the software, e.g. `maven` or `sbt`|
-
-Each build tool or plugin is free to add additional values to the buildinfo.
-For example, [sbt-reproducible-builds](https://github.com/raboof/sbt-reproducible-builds) adds:
-
-|key|meaning|
-|-|-|
-|sbt.version|Version of sbt used to build the software|
-|scala.version|Version of Scala used to build the software|
-
-A buildinfo file can contain checksums for multiple files, for example for the
-main jar and the accompanying pom.xml:
-
-|key|meaning|
-|-|-|
-|files.0.filename|Filename of the first file|
-|files.0.length|Length of the first file|
-|files.0.checksums.sha256|SHA-256 Checksum of the first file|
-|files.1.filename|Filename of the second file|
-|files.1.|Etc.|
+In the JVM ecosystem it is common to distribute libraries as binary (bytecode)
+jars uploaded to a repository like [Maven Central](https://search.maven.org/)
+or
+[Google's Android Repository](https://dl.google.com/dl/android/maven2/index.html).
+
+It is recommended that the buildinfo describing the build environment used for
+that official build is published alongside each artifact. Third party
+attestations can be shared in a separate sig-repo. For a detailed overview of
+the conventions so far see the separate
+[JVM page]({{ "/docs/jvm/" | prepend: site.baseurl }}).