Code review comment for lp:~salgado/launchpad/use-meliae

Francis J. Lacoste (flacoste) wrote :

> > >
> > > > * Can we use a configurable file instead of a hardcoded one?
> > >
> > > I considered that, but I couldn't come up with any use cases that would
> > > require changing the file path. I also try to use config values only
> > > for things that change between environments -- which doesn't seem to be
> > > the case here.
> >
> > Well, a hardcoded path under /tmp is vulnerable to symlink attacks
> > (overwriting of arbitrary files owned by the user).
>
> To exploit that one would need access to the file system, right, in
> which case they could just as easily read the hard-coded value from the
> config (if we were using a config value). Anyway, I'm willing to move
> it to a config variable if you feel strongly about it.
>

OK, fine.

review: Approve
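
The symlink concern raised in the quoted thread, shown as an added example that is not part of the original review or of Launchpad's code: writing to a predictable path in a shared directory with a plain `open()` next to an exclusive create and a private-directory alternative. The file name `memory-dump.json` and all function names are hypothetical, and a `mkdtemp` directory stands in for `/tmp`.

```python
import os
import tempfile

DUMP_NAME = "memory-dump.json"  # hypothetical name, not taken from the branch

def write_dump_naive(path, data):
    # "Before": open() follows a symlink already sitting at path and
    # truncates whatever file it points to.
    with open(path, "w") as f:
        f.write(data)

def write_dump_exclusive(path, data):
    # O_CREAT|O_EXCL fails with EEXIST if anything exists at path,
    # including a symlink (dangling or not); 0600 keeps the dump private.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(data)

def write_dump_private_dir(data):
    # Alternative: mkdtemp() makes an unpredictable 0700 directory, so no
    # other user can place anything at the final path beforehand.
    path = os.path.join(tempfile.mkdtemp(prefix="dump-"), DUMP_NAME)
    write_dump_exclusive(path, data)
    return path

def demo():
    shared = tempfile.mkdtemp()  # constructed stand-in for /tmp
    victim = os.path.join(shared, "important.txt")
    dump = os.path.join(shared, DUMP_NAME)
    with open(victim, "w") as f:
        f.write("keep me")
    os.symlink(victim, dump)  # link already present at the fixed path
    result = {}
    try:
        write_dump_exclusive(dump, "dump")
        result["exclusive_refused"] = False
    except FileExistsError:
        result["exclusive_refused"] = True
    with open(victim) as f:
        result["victim_after_exclusive"] = f.read()
    write_dump_naive(dump, "dump")
    with open(victim) as f:
        result["victim_after_naive"] = f.read()
    private = write_dump_private_dir("dump")
    result["group_other_bits"] = os.stat(private).st_mode & 0o077
    return result

if __name__ == "__main__":
    print(demo())
```

The exclusive create behaves the same whether the path is hardcoded or read from a config value, since it depends only on how the file is opened.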
