by caaqil 1613 days ago
> It's admiring how quickly they fix these

This is a weird comment, especially on this fix. The bug was reported back in 2018. From the linked blog post:

   We also want to thank Florian Weimer for reviewing the UNIX-like fix and for 
   reporting the same issue back in 2018, even though the Security Response WG 
   didn't realize the severity of the issue at the time.
See: https://github.com/rust-lang/rust/issues/48504

It wasn't known to be a security vulnerability at the time.
Failing to recognize it as such is not a hugely different kind of failure. Symlink attacks have been known about for a long time. I'm not castigating the devs/teams here (I don't even think the underlying security risk is that high) but any credit for speedy response should carry caaqil's significant caveat.