- From: Brendan Eich <brendan@secure.meer.net>
- Date: Mon, 02 Sep 2013 12:57:02 -0700
- To: "Tab Atkins Jr." <jackalmage@gmail.com>
- CC: Boris Zbarsky <bzbarsky@mit.edu>, "public-script-coord@w3.org" <public-script-coord@w3.org>
Tab Atkins Jr. wrote: > On Mon, Sep 2, 2013 at 12:25 PM, Brendan Eich<brendan@secure.meer.net> wrote: >> > No, but thanks for your patience going through why it's hard to require a >> > canonical order. We'll have to do one or both of: >> > >> > * Leave things unspecified. >> > >> > * Add the random starting index_a la_ Go, as Tab suggests. >> > >> > In either case, we would hope that the problem Bjoern cites doesn't come to >> > pass (that one implementation's order becomes a de-facto standard). Without >> > evidence I have a hard time believing either bullet-point affects the >> > likelihood of that problem arising. > > Well, we know from experience that the first one is a no-go - we > always end up with compat pain, sometimes getting bad enough to force > a de facto order to become a de jure one. That's not a "no go". We don't like it but sometimes, and I can defend a few in ECMA-262, underspecification is a net win. Doing more here may not help (Bjoern's point) and definitely costs. It might be "worth a try", or not -- I'm not sure. What PRNG (Math.random? Hope not, should not be correlatable) or RBG (Crypto.getRandomValues)? Has anyone drafted a spec? We aren't using Go so we may not want to copy whatever it does in detail. /be
Received on Monday, 2 September 2013 19:57:32 UTC