Comment 4 for bug 1990432

I wrote to the security irc channel about it, especially since similar code might be used in other openstack projects to process untrusted tar files, which would be a problem.

as discussed in IRC, I tend to agree that you should not use untrusted tar files in the kolla context, because these are also used to install software so that would not be a good idea anyway.

it's up to the securityteam now.