[Interest] Qt Resource Compiler - why does it randomize the order of items?

André Pönitz apoenitz at t-online.de
Mon May 19 23:10:10 CEST 2014


On Mon, May 19, 2014 at 01:53:58PM +0100, Richard Moore wrote:
> On 19 May 2014 09:18, Ola Røer Thorsen <ola at silentwings.no> wrote:
> 
> > Hi,
> >
> > If I call rcc (the Qt Resource Compiler) twice using the exact same input,
> > the resulting .cpp files are never exactly the same. They are all
> > completely valid, just the ordering of "items" inside is different. I'm
> > just curious, why?
> >
> >
> It's due to the hash randomisation. This was done to avoid DoS attacks that
> can be performed by  tweaking data to ensure it always falls into the same
> hash bucket.

Do we think this is useful to have for the specific case of rcc, or,
rather, that this outweighs the benefits of reproducible build results?

Andre'




More information about the Interest mailing list