MaxKellermann commented on pull request #166: URL: https://github.com/apache/commons-vfs/pull/166#issuecomment-796859992
> I think it's better because making it `synchronized` won't fix the TOCTOU of users who call the method unsychronized. Fixing TOCTOU bugs outside of that method (which this method cannot know about) is obviously only the caller's responsibility. But the method itself should be safe (or explicitly documented that it's unsafe). ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected]
