
Bug#1009196: [Dev-luatex] Bug#1009196: texlive-binaries: Reproducible content of .fmt files





On Mon, Apr 11, 2022 at 1:01 PM Norbert Preining <norbert@preining.info> wrote:
Hi Hans, hi Roland,

thanks for your answer.

> it actually defeats one of the security properties of lua (which was
> explicitly introduced at some point: make sure that hashes have random order
> each run so that it's harder to retrieve sensitive data from mem)

Well, that is a good point to *not* implement the change.

Roland, do you have any comments? I guess the reproducibility strive is
not as important as security.

So if something in this way should be done, it would need to
change sort order if and only if FORCE_SOURCE_DATE=1 in the env
(this is what is required for tex engines to obey SOURCE_DATE_EPOCH
settings).
 
Not only fmt, every output could suffer from the same problem if it depends on a lua table that is not an array -- temp data, log and pdf.
The format should serialize only arrays, or use a metatable
(e.g. https://stackoverflow.com/questions/30970034/lua-in-pairs-with-same-order-as-its-written ).
Even if we hard code in some way an ordered table data structure, it's still the responsibility of the format to use it -- but then metatables are more flexible.


--
luigi
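
The metatable approach suggested in the message above, as an added example that is not part of the original mail or of LuaTeX's code: a table that iterates in insertion order, so serialized output is stable while Lua's per-run hash randomization stays enabled. The names `ordered` and `dump` and the sample keys are assumptions; it needs Lua 5.2 or later (LuaTeX embeds 5.3) for the `__pairs` metamethod.

```lua
-- Added example; ordered() and dump() are hypothetical helper names.

-- Table that remembers insertion order, so pairs() no longer depends on
-- the per-run hash layout of the interpreter.
local function ordered()
  local keys, values = {}, {}   -- keys: insertion-ordered array; values: real storage
  return setmetatable({}, {     -- proxy stays empty so every write reaches __newindex
    __index = values,
    __newindex = function(_, k, v)
      if v ~= nil and values[k] == nil then
        keys[#keys + 1] = k                 -- first assignment fixes the position
      elseif v == nil and values[k] ~= nil then
        for i, key in ipairs(keys) do       -- deletion: forget the position
          if key == k then table.remove(keys, i) break end
        end
      end
      values[k] = v
    end,
    __pairs = function()
      local i = 0
      return function()                     -- stateless from the caller's view
        i = i + 1
        local k = keys[i]
        if k ~= nil then return k, values[k] end
      end
    end,
  })
end

-- Serializer that relies only on pairs(); for ordered() tables the byte
-- sequence it produces is the same on every run.
local function dump(t)
  local out = {}
  for k, v in pairs(t) do
    out[#out + 1] = string.format("%s=%s", tostring(k), tostring(v))
  end
  return table.concat(out, ";")
end

-- Constructed sample data.
local fonts = ordered()
fonts.zeta = 1
fonts.alpha = 2
fonts.mid = 3
fonts.alpha = nil           -- a removed key leaves no gap in the order
fonts.alpha = 4             -- a re-added key goes to the end
assert(dump(fonts) == "zeta=1;mid=3;alpha=4")
print(dump(fonts))
```

Writes made with `rawset` bypass the metatable and are not tracked, so the format has to create and fill these tables through normal assignment.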
