Comment 15 for bug 1460152

@John Yay! The patches look great, thanks a lot! I leave the decision on hashing vs mtime to you/the security team. For me the mtime approach is good enough (unless I miss some failure case that is relatively easy to trigger, it seems it covers all but the most pathological cases) and it will solve this bug in a nice and clean way.