Criticisms of the .xz file format
Created on 2021-10-17T16:02:40-05:00
- xz has had more vulnerabilities than gzip and bzip2
- xz is a container which holds another container format
- gzip, bzip2, and lzip are very simple formats which hold one thing
- xz supports many integrity tests, but they are optional, so there is no guarantee that integrity testing can actually happen with the tool you have
- a simple version field should be used, as tools can easily check it to see whether they can support the file; xz does not have one, while bzip2 and lzip do
- length fields are not protected by integrity tests under xz
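
The point about optional integrity tests can be checked per file, because the check type is recorded in the .xz Stream Header (6 magic bytes, 2 Stream Flags bytes, then a CRC32 of those flags). The following is an added example, not part of the original note; the function names and the sample streams are constructed for illustration.

```python
import lzma
import struct
import zlib

XZ_MAGIC = b"\xfd7zXZ\x00"
# Check IDs assigned by the .xz format; all other IDs are reserved.
CHECK_NAMES = {0x00: "None", 0x01: "CRC32", 0x04: "CRC64", 0x0A: "SHA-256"}


def xz_check_type(data: bytes) -> str:
    """Return the integrity check named in the 12-byte .xz Stream Header."""
    if len(data) < 12 or data[:6] != XZ_MAGIC:
        raise ValueError("not an .xz stream")
    flags = data[6:8]
    (stored_crc,) = struct.unpack("<I", data[8:12])
    # The header CRC32 covers only the two Stream Flags bytes.
    if zlib.crc32(flags) != stored_crc:
        raise ValueError("Stream Header CRC32 mismatch")
    # First flags byte and the high nibble of the second are reserved (zero).
    if flags[0] != 0x00 or flags[1] & 0xF0:
        raise ValueError("reserved Stream Flags bits set")
    return CHECK_NAMES.get(flags[1], f"reserved (0x{flags[1]:02x})")


def has_content_check(data: bytes) -> bool:
    """False when the stream was written with no integrity check at all."""
    return xz_check_type(data) != "None"


# Constructed sample streams: same payload, with and without a check.
SAMPLE = b"constructed sample payload\n" * 4
WITH_CRC32 = lzma.compress(SAMPLE, format=lzma.FORMAT_XZ, check=lzma.CHECK_CRC32)
WITHOUT_CHECK = lzma.compress(SAMPLE, format=lzma.FORMAT_XZ, check=lzma.CHECK_NONE)

if __name__ == "__main__":
    for label, blob in (("crc32", WITH_CRC32), ("none", WITHOUT_CHECK)):
        # Both streams decompress; only one of them verifies its content.
        assert lzma.decompress(blob) == SAMPLE
        print(label, xz_check_type(blob), has_content_check(blob))
```

A pipeline that accepts .xz input can call `has_content_check` before decompression and reject or separately verify streams that report `None`.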