I had actually agreed with you , here was my initial comment , though I just wanted to look into upx github page more
okay now I understand what you mean.
Basically the same threat model follows if you want to unpack a upx
and it also states
- We will *NOT* add any sort of protection and/or encryption.
This only gives people a false feeling of security because
all "protectors" can be broken by definition.
What would you recommend instead ? .
But also if you are extracting that file , you are basically running it , but the main issue is that antivirus can't read it
But on https://upx.github.io/ , its given as
>secure: as UPX is documented Open Source since many years any relevant Security/Antivirus software is able to peek inside UPX compressed apps to verify them
I am really sorry mate but please read about upx once because I don't know why but you just seem so defensive to this change without actually giving any good reason. Though you do seem knowledgable so I am obviously looking to have more discussion , but just a bit more detailed.
Thanks , have a good day / good night