Ever noticed that one of the most exemplary cases of insecure temporary files is the way we treat the installation root when building packages?
Gentoo solved something like this some time ago, if I recall correctly. On the other hand, their problem was a bit more serious: building packages is the daily routine of Gentoo Linux administrators, so the chance that they'll have an untrusted local user is much bigger.
There have been some efforts to obsolete the BuildRoot tag. That is probably the most elegant solution, but not likely in a reasonable timeframe:
However, we can do something ourselves:
Let us see what the Packaging guys think.
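The general remedy for this class of problem, as an added example (not the author's proposal and not RPM's own code): create the installation root with `mktemp -d` so its name is unpredictable and cannot pre-exist, and refuse any root that is a symlink, owned by someone else, or writable by others. The function names and the `/var/tmp` default are assumptions.

```shell
#!/bin/sh
# Added example: a private, unpredictable build root instead of a fixed
# path in a world-writable directory. Function names are hypothetical.

# Create a fresh build root that no other local user could have prepared.
# mktemp -d fails if the name already exists and creates the directory 0700.
make_buildroot() {
    name=$1                       # package name, used only as a label
    base=${TMPDIR:-/var/tmp}      # assumed default location
    (umask 077 && mktemp -d "$base/$name-root.XXXXXXXXXX")
}

# Refuse a build root that another user could control.
# Returns 0 if the path is safe to install into, non-zero otherwise.
check_buildroot() {
    dir=$1
    if [ -L "$dir" ]; then
        echo "refusing $dir: symlink" >&2; return 1
    fi
    if [ ! -d "$dir" ]; then
        echo "refusing $dir: not a directory" >&2; return 1
    fi
    # Owner must be the user running the build.
    if [ -z "$(find "$dir" -prune -user "$(id -u)" -print)" ]; then
        echo "refusing $dir: owned by another user" >&2; return 1
    fi
    # Group- or world-writable means someone else can plant files in it.
    if [ -n "$(find "$dir" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
        echo "refusing $dir: writable by group or others" >&2; return 1
    fi
    return 0
}
```
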
Source code for the entries and the scripts that format this site is available on GitHub. The text of journal entries is licensed under the CC-BY-SA license.
Mail questions, comments and pizza to lkundrak@v3.sk