On Tue, 4 Jun 2024 at 11:35, Josef Schlehofer <pepe.schleho...@gmail.com> wrote: > > Hi guys, > > Since commit [1], I see that OpenWrt switched to zst compression for checking > out Git sources, but it looks like the conversation about enforcing package > source code integrity checks [2] did not reach a conclusion (and it is > problematic, though). Anyway, in OpenWrt feeds, we are downloading tarballs > with .tar.xz extensions, which is preferred, as said in our CONTRIBUTING.md > [3]. > > What should we agree upon with this? > 1. Should we stick to using still .tar.xz? > 2. Should we use .tar.gz or any other extensions? > However, tar.gz is bigger, but that should not be an issue at all since we > are downloading these packages on hosts. However, we need to keep an eye on > mirrors's storage. > > This discussion is raised because package maintainers are not sure what to > do, and once in a while, we switch to .tar.gz and then to .tar.xz for no > reason [4].
Hi Josef, This is my personal opinion and nothing more. Personally, I have moved away from XZ as much as possible after the security nightmare. Ideally, projects would start to finally provide ZSTD compressed tarballs. Regards, Robert > > [1] > https://github.com/openwrt/openwrt/commit/706f0e395f5392da0a502f1039aa01ca14849ec5 > [2] https://lists.openwrt.org/pipermail/openwrt-devel/2024-April/042594.html > [3] > https://github.com/openwrt/packages/blob/master/CONTRIBUTING.md#package-sources-archives-and-repositories > [4] https://github.com/openwrt/packages/pull/24299/files > > Regards, > Josef > _______________________________________________ > openwrt-devel mailing list > openwrt-devel@lists.openwrt.org > https://lists.openwrt.org/mailman/listinfo/openwrt-devel _______________________________________________ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel