Tectonic – A modern, complete, self-contained Tex engine with Unicode support (opens in new tab)

Why rewrite TeX? To me TeX is one of the example of what a software project should aim to be, arrive to a stable version where it does what it should do and it work reasonably well. That was the initial idea of Knuth (in fact the version is a number that approaches PI one decimal at a time).

This is the contrary of the "modern" philosophy that says that we need to constantly modify, update or rewrite a software in "modern" languages even if it's a huge effort and risks introducing bugs that were not present in the original version.

Well, at least if we want to rewrite it let's just have to wait 10 years, then we can fed all the codebase to ChatGPT and ask for a new fancy Rust version!

Regarding of integration, TeX follows the (to me still relevant) UNIX philosophy that a software can be called by another software and the input/output communicates in a pipe. Nowadays we have even containers that let us distribute the software as a single unit so we don't have to worry about installing multiple files on a system. Not a big deal, in the end.

I've been looking at https://typst.app

not tex based, but uses CM fonts. I really think that trying to update the programming parts of TeX is necessary. sadly I'm struggling with fonts in svg figures.

but to suddenly see applying effort in this area and getting real traction is treat. so many thanks for the luminaries that put up the last one, but maybe its time for some rework after 40 years.

> I find it quite disappointing that we do not have 100% compatible LaTeX with a modern codebase

That would be a huge effort. Your time would be better spent designing and creating a new typesetting system.

Integrating TeX into a program inside exactly impossible now though. Pandoc gets along fine.

Also the way to trust code is isolation rather than verification, even rust has unsafe.

Not really what you asked for -- but there is an interactive modern typesetter that is programmable and works on trees. It's called TeXmacs - you may want to check out what it can do -- https://www.youtube.com/watch?v=H46ON2FB30U

Isn't it nice to get your software directly from the people who wrote it? At least I'm confident any malicious edits were made intentionally. If I add a distro middleman who knows what they messed up mucking around for no good reason.

Let’s say, for example, that I invite a friend over and offer them a glass of water. Would you be similarly upset to find that I don’t recommend that they first send a sample of the water to be tested for purity before consuming said glass of water? I mean, don’t get me wrong, I would be fine with my friend being cautious and wanting to get the water tested (though I doubt that would ever happen in practice)… but if he trusts me to give him clean water, I doubt you’d raise any fuss over him just downing a glass.

Why/how is this any different? Anyone that wants to inspect the shell script can amend that line to first save and view the script. Are you thinking it’s never appropriate to trust such a script implicitly? If that’s the case, I’d love to hear about your workflow for checking the packages you install (e.g. debs can run arbitrary post install scripts, and do you know that a malicious actor with signing keys didn’t taint the binaries therein?), how you inspect all JavaScript for sandbox escaping exploits before viewing anything on the web, how you’ve ensured your hardware itself isn’t backdoored, etc.

The complaints of piping directly into shell from an HTTPS server strikes me as nothing more than a “no real technologists does $THING!” sort of elitism, though I’m open to being shown otherwise. A non-answer would be to propose that one first fetch a package signing key and install from your package manager of choice — if the script we’re complaining about can’t be trusted, there’s no reason to trust that the key file is any better with it being hosted in exactly the same way… unless you’re going to propose that you use something along the lines of web-of-trust to inspire further confidence that the signing key is authentic; at that point, though, your problem is with how 99.9% of third-party software packages (with respect to your distro of choice) are distributed - every PPA I’ve ever seen (docker, mongodb, whatever) at best tells you to fetch a key from some HTTPS server, and that’s all. It would then strike me as suspect to single out curl|bash (while additionally implying something about Rust users).

As a non-Rust person, mind explaining the comment to a layperson?

Because safety is our #1 priority. Hah.

XeTeX allows me to use the system’s Truetype/Opentype fonts and Unicode without any of pdfTeX/Metafont voodoo necessary in previous times, and it did this flawlessly for more than ten years for me. LuaTeX took ages to finally get a 1.0 version, so there was at least a period of 8 to 10 years where XeTeX was simply the best and only solution.