[Dev-luatex] Bug#1009196: texlive-binaries: Reproducible content of .fmt files
norbert at preining.info
Mon Apr 11 13:01:32 CEST 2022
Hi Hans, hi Roland,
thanks for your answer.
> it actually defeats one of the security properties of lua (which was
> explicitly introduced at some point: make sure that hashes have random order
> each run so that it's harder to retrieve sensitive data from mem)
Well, that is a good point to *not* implement the change.
Roland, do you have any comments? I guess the reproducability strive is
not as important as security.
So if something in this way should be done, it would need to
changes sort order if and only if FORCE_SOURCE_DATE=1 in the env
(this is what has required for tex engines to obey SOURCE_DATE_EPOCH
Roland, if you have time, please adjust the patch to work within the
PREINING Norbert https://www.preining.info
Mercari Inc. + IFMGA Guide + TU Wien + TeX Live
GPG: 0x860CDC13 fp: F7D8 A928 26E3 16A1 9FA0 ACF0 6CAC A448 860C DC13
More information about the dev-luatex