FOSS gamedev and creative worlds

[prestidigitator]

1.) I make it a habit to search for Lua standard library calls in mods' source code before loading them, and inspect very carefully use of any that might be dangerous (e.g. "dofile", "io.open", "os.*", etc.). In order to ease our minds a little about potentially malicious mods, has any sandboxing been done to mods' Lua environments (e.g. limiting use of system calls and limiting "dofile()" calls to the Minetest directory tree(s))? For an example of what I mean, see http://lua-users.org/wiki/SandBoxes

2.) Is there a reason that "dofile()" is used consistently throughout the game's Lua code and the source code of mods, instead of "module/require"? Has any effort been done to support actual Lua modules (i.e. module search paths and/or custom loading)? (See http://www.lua.org/manual/5.1/manual.html#pdf-module, http://www.lua.org/manual/5.1/manual.html#pdf-require, and http://lua-users.org/wiki/ModulesTutorial)

(EDIT: Okay, nevermind about "module", but the question stands about "require". See http://lua-users.org/wiki/LuaModuleFunctionCritiqued)

[rubenwardy]

Sapier's pull requests on GitHub would be useful for this topic.