Hi KDE folks, The recent xz backdoor scandal made me realize how bad and obsolete distributing tarballs is. The source of truth for our code are the repositories, and releases can simply be tags on those repos.
As a big free software community, I think we should lead by example and get rid of tarballs altogether (as I hope to see in other projects as well) after the recent events. Packagers can git pull. If we ever replace git with something else, that something else will have tags as well. What's the advantage of providing tarballs? Albert