Hi,

I propose the attached patch which does not change the default behaviour
of pdftex but if the environment variable SOURCE_DATE_EPOCH is set it

I'm not sure.

Meanwhile, Thanh has already made changes in the pdftex source
repository, revision 724 at
https://foundry.supelec.fr/scm/viewvc.php/branches/stable/source/?root=pdftex
(project page: https://foundry.supelec.fr/projects/pdftex/)

I append his message about it (sent privately). Will it suffice for
you? --karl

--------------------------------------------
From: The Thanh Han
[...]
2 new commands were added. Usage examples:

\pdfinfoomitdate=1
% tell pdftex not to write the default CreationDate and ModDate;
% however custom values specified via \pdfinfo{} will always be outputted

\pdftrailerid{} % tell pdftex to omit trailer id, or
\pdftrailerid{abc} % provide custom value for trailer id

A minimal test file was included in the commit:
https://foundry.supelec.fr/scm/viewvc.php/branches/stable/tests/03-deterministic-output/?root=pdftex

Regards,
Thanh

Hello all.

As the original submitter, I would have liked an opportunity to
discuss the choices, or else a word of explanation about them, or at
least an alert about the commit, as I did mention that I was not
reading the list [1].

I understand that upstream authors of a widely used software need to
discuss privately before announcing changes, but now that you are at
the coding stage, please consider answering a few questions about the
selected design.

The CreationDate and ModDate are optional. Why set them, unless
\pdfinfo asks for that?

If you set them by default, and we do not find a work-around like [2],
everyone concerned with reproducible builds will need to insert
\pdfinfo{/CreationDate(D:19900101000000Z00'00')/ModDate(D:19900101000000Z00'00')}
or
\pdfinfo{/CreationDate(D:$DATEZ00'00')/ModDate(D:$DATEZ00'00')}
into every TeX source during each build, or patch pdftex for its own
use. What concrete need does \pdfinfoomitdate answer?

The ID field is optional. Why set it, unless \pdftrailerid or similar
asks for that?

If you set it by default, the following suggestion may help doing so
without a new \pdftrailerid macro.

As I understand section 10.3 of the PDF specification [3], a md5 sum
of the time, directory and base name is only a very vague
implementation suggestion. Any randomly generated string, or
non-cryptographic hash sum of the PDF file would satisfy the purpose
better, with the latter being reproducible.

For example, would you consider defining the ID as an 8 characters
hexadecimal represention of a 32 bits XOR sum of all contents written
to the output file so far? The performance impact and collision risk
would both be very small.

Is there any benefit in keeping the current implementation by default?

In the current implementation, what is the benefit of taking gmtime()
into acount for the md5 sum, instead of CreationDate?

[1] http://tug.org/mailman/htdig/pdftex/2015-May/008940.html
[2] http://tug.org/pipermail/pdftex/2015-July/008954.html
[3] http://www.adobe.com/devnet/pdf/pdf_reference_archive.html

Akira, Nicolas -

Thanh is away for ~3 weeks. He will review both the SOURCE_DATE_EPOCH
patch (which I suspect will be fine) and Nicolas's other comments when
he's back.

The current code is not setting anything in stone. It was a first shot,
so we could try to garner feedback from some TeX people who chimed in on
the conversation (elsewhere).

Best,
Karl