While the final file mode is reflective of the input file, when compressing or uncompressing, the file can temporarily gain greater permissions than the input and potentially leading to security issues (especially if large files are being handled). References: https://github.com/facebook/zstd/issues/1630 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=981404
Created zstd tracking bugs for this issue: Affects: epel-7 [bug 1934853] Affects: fedora-all [bug 1934854] Affects: openstack-rdo [bug 1934855]
Statement: * In OpenShift Container Platform (OCP) the zstd package was delivered in OCP 4.3 which is already end of life.
Closing as won't fix.
reopening, woops, meant to close a tracker.