Thanks for the response! Regarding the reverse engineering of PackageCompiler compiled apps, I’m not worried about the user seeing the build machine paths or the function/type names. Python is also being considered, and it looks like it may have similar reverse engineering issues. The lowered code is more concerning, but if it would require significant effort to recreate the whole package source from the delivered sysimage/app, then that meets our requirements. Do you know if it would be straightforward for someone to use Julia’s metaprogramming (or other) capabilities to back out the source from the metadata available from macros like @code_lowered and @code_warntype? Am I understanding correctly that the --strip-ir and --strip-metadata remove this capability from the julia sysimage compiled with those options?
Thanks for the links to the --strip-ir and --strip-metadata options. I think that’ll address some concerns. Looks like I can pass those arguments to PackageCompiler.jl via the sysimage_build_args option. I found this comment in another thread helpful as well.