When duperemove creates a new hashfile, it gets created with the default umask, so typically 0644 or world readable by default.
This poses a security risk, as it contains directory listings and content hashes for files and directories that are otherwise protected by filesystem permissions.
The hashfile should be created with 0600 permissions only. (Ideally the sysadmin should create it in a private directory, but quick invocations will typically just use /tmp or similar)
When duperemove creates a new hashfile, it gets created with the default umask, so typically 0644 or world readable by default. This poses a security risk, as it contains directory listings and content hashes for files and directories that are otherwise protected by filesystem permissions.
The hashfile should be created with 0600 permissions only. (Ideally the sysadmin should create it in a private directory, but quick invocations will typically just use /tmp or similar)