When not set, the default is 0644.

This is a bad idea. The default should be whatever the remote provides, which may be based on directory permissions, ACLs, the server's configuration, the username/authentication credentials used...

Directory ACLs can provide a default permission for new files. Server configurations may provide a umask (or equivalent) for new files, as may the login file (e.g. .bashrc) for the account under which it (or the transfer) runs.

Forcing 0644 would enforce a policy choice that may not match the remote server's requirements. cURL should not be setting an arbitrary security policy. Defaults also vary by OS - while 0644 is common for Unix, it's not the default for others.

I support providing a means for the user to request specific permissions - this is a good idea. But the default should not be to override the remote's defaults. The default should be to do nothing - let the remote server do its job.

The same analysis applies to establishing file ownership -- absent a specific user request, cURL wouldn't send a --quote chown to set the remote file's owner or group to the same as the local owner/group. The remote system may not have the same account structure as the local system - and jsmith on the remote may refer to Jane, not John.

I agree with @tlhackque. I have not reviewed the code yet but as far as I understand the argument can be provided without any subarguments. I would suggest to enforce the input of a mode then?

When not set, the default is 0644.
This is a bad idea.

This is already what the code does, this PR doesn't introduce this.

The default should be whatever the remote provides

No can do. We need to set the exact mode for all these three protocols. Unless you know more than I do.

the argument can be provided without any subarguments. I would suggest to enforce the input of a mode then?

I don't understand what you're suggesting here. Can you rephrase or show with an example?