On Tue, 21 Mar 2017 at 04:54 Marius Gedminas <mar...@gedmin.as> wrote:
> On Mon, Mar 20, 2017 at 11:30:59AM +0000, Robin Becker wrote: > > thanks for this; it seems the emphasis is on security. If the intent is > that > > reportlab should be able to reliably reproduce the same binary output > then I > > think I need to do more than just fix a couple of dates. We use many > > dictionary like objects to produce PDF and I am not sure all are sorted > by > > key during output. > > I'm sure the reproducible builds folks will send you patches if they > find any spots that you missed. ;-) > > > Is there a way to excite dictionary ordering changes? I believe there was > > some way to modify the hashing introduced when the dos dictionary attacks > > were an issue. Would it be sufficient to generate documents with say > Python > > 2.7 and check against 3.6? > > Python 3.6 changed the dict implementation so the ordering is always stable > (and matches insertion order). > Do realize that is an implementation detail and not guaranteed by the language specification, so it won't necessarily hold in the future or for other interpreters. -Brett
_______________________________________________ Distutils-SIG maillist - Distutils-SIG@python.org https://mail.python.org/mailman/listinfo/distutils-sig
