Hi, personally I'm opposed to the entire code load thing.
First of all I was unable to reproduce the tarballs offered by Github. Github seems to use an extended tar (pax) format while we pack our SCM clones using the more traditional ustar format, however even using `tar -cp -H pax --numeric-owner --owner=0 --group=0 --sort=name --mtime ...` seems to yield a different tar stream compared to whatever is offered by Github; - The order of the entries in the archive also seems to deviate from that of `tar --sort=name`, it looks as if Github archives are sorted using the "C" collate while GNU tar uses something else. - The PAX header format seems to be different, Github uses a global PAX header while GNU tar produces per-member headers - There seem to be proprietary tags inside Github tar (comment=<sha1>) which are not present in the GNU equivalent Furthermore I dislike the idea of tailoring download mechanisms around a specific proprietary service. If the allegations about hash changes for unknown reasons are correct, then this raises a huge red flag for me and I see no reason to not assume that codeload tarballs will eventually change as well, become rate limited, redirected, discontinued or changed in other arbitrary ways. So TLDR; I prefer a locally reproducible, cached tarball of a given SCM clone over an opaque Github offer. My 2cents, Jo _______________________________________________ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel