Page 1 of 9

Sandboxing (poll)

Posted: Fri Jun 26, 2009 3:43 pm
by rude
Currently, .love files can write to everything as long as the running user has access. They can upload your private collection of home-made porn to the Internet, and replace the contents of each file on your file system with "lol".

It can do this because of the standard Lua libraries io and os. Now, the question is: should these libraries be removed? Yes, keeping them would be a risk, but should LÖVE really limit what developers can do?

EDIT: For the record, I'm not going to vote.

Re: Sandboxing (poll)

Posted: Fri Jun 26, 2009 4:59 pm
by bartbes
I voted no, but I actually want something in between, not completely sandboxed but preventing the program from doing too much harm.

Re: Sandboxing (poll)

Posted: Fri Jun 26, 2009 5:40 pm
by osgeld
I battle with this often. I know I CAN use io and os, but do I really need to?

The only time I need to is when I'm farting around with an app idea, and LÖVE is not well suited for apps.

As far as games go, I see no reason for them to be there.

Re: Sandboxing (poll)

Posted: Fri Jun 26, 2009 6:19 pm
by rude
Osgeld: good point. Don't really need it for games.

Bartbes: care to elaborate?

Re: Sandboxing (poll)

Posted: Fri Jun 26, 2009 7:56 pm
by osgeld
PS: just make sure you replace os.time() with something.

Re: Sandboxing (poll)

Posted: Fri Jun 26, 2009 8:53 pm
by Robin
osgeld wrote: PS: just make sure you replace os.time() with something.
I'm sure there are a few more functions that can still be useful. I would suggest creating a dummy os table, with only time() (and maybe some of the other date/time functions (or clock()? (the longer this post gets, the more it starts to look like LISP))) in it. That way, (a little) compatibility with standard Lua is maintained, mostly to minimize (game developer) confusion and rewriting.

Re: Sandboxing (poll)

Posted: Fri Jun 26, 2009 10:57 pm
by Sardtok
How about something like security certificates, similar to Java, where the user has to accept that a game might run evil code?
That way, people who want to use io instead of love.filesystem and os instead of, uhm, (nothing…?), can do that.
All the others can make games that are happy and safe and don't need the user to tell them that they may go ahead and lolify their system.

I think this has been suggested before too. Of course, you could probably skip the whole certificate thing, and just ask when people run evil programs.

Re: Sandboxing (poll)

Posted: Fri Jun 26, 2009 11:56 pm
by osgeld
the problem with people is as soon as you imply that it could be evil, it becomes massively evil to them

Re: Sandboxing (poll)

Posted: Sat Jun 27, 2009 3:56 am
by Xcmd
I voted Yes, but only because I lean only slightly that direction. For the most part I am indifferent.

Re: Sandboxing (poll)

Posted: Sat Jun 27, 2009 6:57 am
by bartbes
I'm kind of thinking about making io read-only, and preferably even home only.
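The two in-between ideas in this thread, Robin's dummy os table that keeps only the date/time functions and bartbes's read-only, home-only io, can be combined into one Lua 5.1 environment that an untrusted .love chunk is run inside. The following is an added example and not LÖVE's own code or anything the project shipped; the sandbox root `SANDBOX_ROOT`, the function names (`confine`, `make_env`, `run_sandboxed`) and the constructed "game" script are assumptions made for illustration.

```lua
-- Added example (not LÖVE's code): a Lua 5.1 sandbox that keeps a
-- whitelisted os table (Robin's suggestion) and a read-only io that is
-- confined to one directory (bartbes's suggestion). Runs on plain Lua 5.1
-- or LuaJIT; on Lua 5.2+ replace loadstring/setfenv with load(src, name, "t", env).

-- Hypothetical directory the untrusted code may read from (assumption).
local SANDBOX_ROOT = "/home/user/.love/mygame"

-- 1. Dummy os table: only the side-effect-free date/time functions.
--    os.execute, os.remove, os.rename, os.exit and os.getenv are absent.
local safe_os = {
  time     = os.time,
  clock    = os.clock,
  date     = os.date,
  difftime = os.difftime,
}

-- 2. Path confinement: reject absolute paths, drive letters, backslashes
--    and any ".." component, then prefix the sandbox root. The check is
--    purely lexical; symlinks inside the root are not followed or checked.
local function confine(path)
  if type(path) ~= "string" then return nil, "path must be a string" end
  if path:find("\\", 1, true) then return nil, "backslash in path" end
  if path:sub(1, 1) == "/" or path:match("^%a:") then
    return nil, "absolute path not allowed"
  end
  for component in path:gmatch("[^/]+") do
    if component == ".." then return nil, "parent traversal not allowed" end
  end
  return SANDBOX_ROOT .. "/" .. path
end

-- 3. Read-only io: open accepts only read modes; write/remove do not exist.
local safe_io = {}
function safe_io.open(path, mode)
  mode = mode or "r"
  if mode ~= "r" and mode ~= "rb" then
    return nil, "sandbox: write mode '" .. mode .. "' not permitted"
  end
  local real, err = confine(path)
  if not real then return nil, "sandbox: " .. err end
  return io.open(real, mode)
end
function safe_io.lines(path)
  local real, err = confine(path)
  if not real then error("sandbox: " .. err, 2) end
  return io.lines(real)
end
safe_io.write = io.write  -- stdout only; harmless for a game

-- 4. Environment handed to the game: the base library minus loadstring,
--    dofile, require and the metatable/raw functions (any of which could
--    reach the real io and os), plus the two wrappers above.
local function make_env()
  local env = {}
  for _, name in ipairs{"assert", "error", "ipairs", "next", "pairs", "pcall",
      "select", "tonumber", "tostring", "type", "unpack", "xpcall",
      "math", "string", "table"} do
    env[name] = _G[name]
  end
  env.os, env.io, env.print = safe_os, safe_io, print
  return env
end

-- 5. Compile an untrusted chunk and run it with the restricted environment.
local function run_sandboxed(source, name)
  local chunk, err = loadstring(source, name)
  if not chunk then return false, err end
  setfenv(chunk, make_env())
  return pcall(chunk)
end

-- Constructed untrusted script: the date/time calls keep working, while the
-- escape and write attempts fail without touching the file system.
local game = [[
  assert(type(os.time()) == "number")
  assert(os.execute == nil and os.remove == nil)
  local f, why = io.open("../../.ssh/id_rsa")   -- tries to leave the root
  assert(f == nil and why:find("traversal"))
  local g, why2 = io.open("save.txt", "w")       -- tries to write
  assert(g == nil and why2:find("not permitted"))
  assert(loadstring == nil and require == nil)
]]
print(run_sandboxed(game, "game.lua"))  -- true
```

Two caveats a practitioner should keep in mind: the confinement is lexical, so a symlink under `SANDBOX_ROOT` that points elsewhere would still be followed by the real `io.open`, and any function left in the environment that can reach `_G` (`getmetatable`, `rawget`, `debug.*`, a `require` that loads C modules) reopens the hole, which is why the whitelist above is built by copying names rather than by deleting a few from `_G`.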