[ameliaquining]

At least in the Cloudflare case, if you look at the postmortem (https://blog.cloudflare.com/resolving-a-request-smuggling-vu...) and the commit that fixed the bug (https://github.com/cloudflare/pingora/commit/fda3317ec822678...), it's significantly more complicated than "they didn't read the RFC", and a conclusion that a diligent engineer would never ever make this kind of mistake does not seem justified.