You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Every release cycle, we run all of our tests with the upcoming release. And every release cycle, it seems, we discover several new places that expect the output of compress/gzip and archive/tar to be stable for all time.
This is tricky, however, because it's probably reasonable to depend on the output of these packages to be consistent within any given binary. Perhaps a build stamp could be an input to the randomizer, or randomization could be only in tests, or both.
The text was updated successfully, but these errors were encountered:
@dsnet, we definitely don't want archive/zip and archive/tar to start generating random output. We're trying in another bug to have reproducible builds for Go. And what would it mean for encoding? Randomized orders? Another bug is proposing we start sorting more in fmt, for instance.
I think this would cause more pain than it'd solve.
We used to do this, by putting time stamps in the output, and we took them out precisely to get repeatable output. I don't see why we would make it non-repeatable again. Like you say, it's entirely reasonable to depend on the output of these packages to be consistent within any given binary.
We do agree it can change from release to release. I don't see a nice way to rub that in everyone's faces though. Note also that we decided against #13884 for pretty much the same reasons.
And it should be noted that most container image formats are based on Go's archive/tar. I'm trying to move everyone away from it, because it's an awful format for that usecase, but to randomise it would be to intentionally break layer caching and reproducibility for most container image formats.
Every release cycle, we run all of our tests with the upcoming release. And every release cycle, it seems, we discover several new places that expect the output of compress/gzip and archive/tar to be stable for all time.
Perhaps there's some way to introduce deliberate randomness into this output, along the lines of map iteration order randomization and https://go-review.googlesource.com/c/go/+/64451.
This is tricky, however, because it's probably reasonable to depend on the output of these packages to be consistent within any given binary. Perhaps a build stamp could be an input to the randomizer, or randomization could be only in tests, or both.
The text was updated successfully, but these errors were encountered: