On Thu, May 06, 2021 at 01:10:45AM -0300, Alexandre Oliva wrote: > I have heard about early format changes, but since Linux itself has used > git archive to generate tarballs on the fly, and published digital > signatures based on archives generated this way, I presume an > expectation that changes to the format won't be made without a very > compelling reason.
I asked because, historically, the linux-libre project has chosen not to store tarballs of its generated linux-libre source trees. Linux, on the other hand, does store their tarballs in perpetuity, even if they are created with `git archive`. Do you know for sure that Linux generates tarballs "on the fly" and does not simply preserve the signed tarballs forever? Otherwise, the PGP signatures could go "stale" at some point, and that would be unprecedented and unacceptable.
