Comment 9 for bug 894755

Mark McLoughlin (markmc) wrote :

Issue looks valid to me - we can't trust what users upload to s3/objectstore

Fix looks fine too - it's a bit odd to open the file twice, but the alternative of doing something like is just too hacky. Also, no attempt is made to explicitly close the file if there's an exception, but that's true of the original untarzip_image() code too

So, yeah - lgtm too