alt Hacker NewsCould you help me understand why the remaining 5% is not bit-for-bit reproducible? For example... if you download a tar of sources pinned to a version, and you run `./configure` and `make` in some kind of container and it doesn't embed some kind of timestamp... why are 95% reproducible and some aren't? Would like to learn/understand.
Hashtables keyed off the address of objects would be an example.
On multiple runs, malloc gives out different addresses (thanks to threads or security concerns) which means things end up in different slots in the table. Then you iterate through it in memory order and you're seeing objects in non-deterministic order, which you do things with.
Embedding file paths / timestamps / git shas and similar was popular for a while too and unhelpful for reproducible builds.