> Moralize all you want about where these upstreams should host their software, but why claim that the downstream package manager is “poorly implemented” to fetch source code from those hosts?
Because it should validate checksums of content of the tarball, instead of just the outside blob.
Then:
* you don't care about compression method or implementation
* you don't care about archive method or implementation
* your system works just as well for "download a tarball" as for "shallow copy the remote repo"
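One way to do the content-level check the reply above describes, as an added example that is not part of the original thread and not any package manager's actual scheme: the digest covers each entry's path, type, owner-executable bit and bytes (or symlink target), so it is the same for any compression, member order or timestamps, and for an unpacked tree. The function names, the record layout and the `make_tar` sample builder are assumptions made for this sketch.

```python
import hashlib, io, os, posixpath, stat, tarfile

def _digest(entries):
    """Hash (path, kind, exec_bit, payload) records in sorted path order."""
    h = hashlib.sha256()
    for path, kind, exe, payload in sorted(entries):
        fields = (path.encode(), kind, b"x" if exe else b"-", hashlib.sha256(payload).digest())
        for f in fields:  # length-prefix each field so records cannot run together
            h.update(len(f).to_bytes(8, "big") + f)
    return h.hexdigest()

def digest_tarball(blob):
    """Content digest of a tar archive; compression is auto-detected by "r:*"."""
    entries = []
    with tarfile.open(fileobj=io.BytesIO(blob), mode="r:*") as tar:
        for m in tar:
            path = posixpath.normpath(m.name)
            if m.isfile():
                entries.append((path, b"f", bool(m.mode & 0o100), tar.extractfile(m).read()))
            elif m.issym():
                entries.append((path, b"l", False, m.linkname.encode()))
            elif not m.isdir():  # hard links, devices, FIFOs: refuse rather than guess
                raise ValueError(f"unsupported member type: {m.name}")
    return _digest(entries)

def digest_tree(root):
    """Same digest over an unpacked directory (a checkout with .git removed)."""
    entries = []
    for base, dirs, files in os.walk(root):
        for name in dirs + files:
            full = os.path.join(base, name)
            path = os.path.relpath(full, root).replace(os.sep, "/")
            st = os.lstat(full)
            if stat.S_ISLNK(st.st_mode):
                entries.append((path, b"l", False, os.readlink(full).encode()))
            elif stat.S_ISREG(st.st_mode):
                with open(full, "rb") as fh:
                    entries.append((path, b"f", bool(st.st_mode & 0o100), fh.read()))
            elif not stat.S_ISDIR(st.st_mode):
                raise ValueError(f"unsupported file type: {path}")
    return _digest(entries)

def make_tar(files, mode, mtime):  # constructed sample input: [(path, bytes), ...]
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode=mode) as tar:
        for path, data in files:
            info = tarfile.TarInfo(path)
            info.size, info.mtime = len(data), mtime
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()
```

Metadata left out of the records (mtime, owner, group and other permission bits) is not authenticated by this digest, so a build that depends on it needs those fields added.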