Hi!  What do you think about publishing

ftp://ftp.gnu.org/gnu/gnulib/gnulib-20241210-bundle
ftp://ftp.gnu.org/gnu/gnulib/gnulib-20241210-bundle.sig

Which would be a Git bundle of the gnulib git repository.

Read about Git bundles here:

https://git-scm.com/docs/git-bundle

It would be created something like this.  Probably stable-* branches
should be included too.

git clone https://git.savannah.gnu.org/git/gnulib.git
cd gnulib
git bundle create gnulib-20241210-bundle master
gpg --detach-sign gnulib-20241210-bundle

Why, you may ask?

1) If savannah is offline or compromised, having widely mirrored
known-good offline copies of the entire gnulib repository is nice.

2) Output of 'git clone' is not serialized and does not use a stable
format, so a 'tar cfz gnulib-20241210.tar.gz gnulib/' works poorly.

3) It would add PGP-style authentication and integrity checking of the
repository.  Currently we only offer HTTPS against Savannah and the
WebPKI is not as strong as trusting a PGP signature directly.

I thought about compression but git bundles appear to use good
compression already: 81MB without compression compared to 70MB with xz-9
so hardly important.

/Simon

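The consumer side of the proposal above, as an added example that is not part of the original mail: check the detached signature against a pinned keyring, then restore the bundle into a fresh bare repository and check its objects. The function names, the keyring file and the choice of gpgv are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original mail. Assumptions: KEYRING is a file
# holding only the signer's public key (e.g. written by `gpg --export`) and
# obtained out of band; SIG is a detached signature over BUNDLE.

# check_sig KEYRING SIG BUNDLE
# gpgv accepts only signatures made by keys in KEYRING. It does not consult
# the user's default keyring or a keyserver.
check_sig() {
    gpgv --keyring "$1" "$2" "$3"
}

# restore_bundle BUNDLE DEST
# Unpack BUNDLE into a new bare repository DEST. Fails if DEST already exists,
# if the bundle depends on commits it does not carry, or if an object is bad.
restore_bundle() {
    bundle=$1
    dest=$2
    # git -C changes directory, so a relative bundle path must be made absolute.
    case $bundle in /*) ;; *) bundle=$PWD/$bundle ;; esac
    [ ! -e "$dest" ] || return 1
    git init --quiet --bare "$dest" || return 1
    # In an empty repository "bundle verify" succeeds only for a bundle that
    # records complete history (no prerequisite commits).
    if git -C "$dest" bundle verify "$bundle" >/dev/null 2>&1 &&
       git -C "$dest" fetch --quiet "$bundle" '+refs/heads/*:refs/heads/*' &&
       git -C "$dest" fsck >/dev/null
    then
        return 0
    fi
    rm -rf "$dest"   # safe: DEST did not exist before this call
    return 1
}

# restore_signed_bundle KEYRING SIG BUNDLE DEST
# Nothing is unpacked unless the signature check passes first.
restore_signed_bundle() {
    check_sig "$1" "$2" "$3" && restore_bundle "$3" "$4"
}
```
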