Good article. I particularly like that it raises the issue of unprotected length fields. I’d never thought about how security issues affect the suitability of a format for archival, but certainly if it became unsafe to use the existing libraries for the format, that would create work for archivists.
I’d recommend everyone have a look at https://github.com/vasi/pixz used possibly in combination with https://github.com/kholtman/afio as well.
OK well I guess the debate in my mind about bzip2 vs xz is over now.
zstd 1 2, or brotli 3, may be alternatives worth looking into as well.