On Sun, Jun 4, 2023 at 2:03 PM Michael Orlitzky <m...@gentoo.org> wrote: > > On Sun, 2023-06-04 at 13:31 -0400, Mike Gilbert wrote: > > This allows users to maintain the saved config file in some other > > location. > > > > If so, the symlink should point to a superuser-only location to avoid > creating any new vulnerabilities. We can't fix the general problem, but > we could at least mention in the docs that symlinks will (now) be > followed and that users should be careful if they want to maintain the > files elsewhere.
That seems self-evident to me, and I don't think it warrants a callout in the documentation.