GNU Parallel has had a (theoretical) security issue a few years back: https://lists.gnu.org/archive/html/parallel/2015-04/msg00045.html
Therefore GNU Parallel tries to be conservative to avoid surprising results. --unsafe will allow GNU parallel to run in environments and on input that are untested and thus may cause surprising results and even security issues, where an evil attacker can influence the results. Think attacks similar to Shellshock: https://en.wikipedia.org/wiki/Shellshock_(software_bug) This of course has a negative effect when I restrict e.g. $PWD can only contain [-a-z0-9_+,.%@:/= ] and gives the bad experience that you now have to use --unsafe to allow $PWD to contain other characters - e.g. Japanese. Especially if GNU Parallel *does* the right thing. And it is doubly bad because in version X you *must* use --unsafe, whereas before version X you *must* not --unsafe. So I think there is a discussion to be had here: Should GNU Parallel just accept any input (including environment variables) and use those? This may cause surprising results and even security issues, because it has not been tested. Or should GNU Parallel be restrictive and force you to use --unsafe, when you are doing something that is not tested. If you are forced to use --unsafe all the time for something that is safe, it is time to file a bug report and have a discussion how to make your situation well tested and safe. A third option is to issue a warning instead of an error. This way the command will run, but you will be made aware that you are doing something untested. Let me hear your thoughts. /Ole
