How my minimal, memory-safe Go rsync steers clear of vulnerabilities

Great writeup. Every language should add os.Root-like APIs to their standard libraries, it's great. I used a very stripped down version in SecureDrop after we had a few path traversal issues, and now, if you use the correct API, it's eliminated as an entire class of vulnerability.