[Karellen]

> Arch Linux as well for every package downloading tarballs from GitHub. Packages checking out the git source tree are not affected, but they are a minority.

It feels like people are using git wrong.

[anjbe]

When building distro packages from source, the full revision history of a Git repo is unnecessary. Downloading just the source code of a specific commit or tag with curl is simpler, faster, has fewer dependencies, and is less prone to breakage (well, unless your URLs change under you, as happened here).

[jeroenhd]

Git allows checking out only a limited set of changes with the --depth flag:

    git clone --branch v1.0 --depth 1 https://github.com/example/example.git

The parameter is called --branch but it also takes tags.

It's not as fast as fetching a ZIP file, but it gets pretty close.

From my count, this method only requires one dependency (git) whereas the curl + unzip method requires, well, both curl and unzip.

The zip download method (download, decompress, build, compress into package, decompress onto system) is already silly enough, the first decompression part can easily be dropped.

[anjbe]

> It's not as fast as fetching a ZIP file, but it gets pretty close.

In the context of distro packages (the bug report mentioned OpenBSD and Fedora) you might be building tens of thousands of packages of which thousands are likely to come from GitHub. A small difference becomes greatly magnified.

> From my count, this method only requires one dependency (git) whereas the curl + unzip method requires, well, both curl and unzip.

You’re forgetting that git itself depends on curl.

[Karellen]

The first time, sure. But the second time, a `git pull` should normally be significantly quicker.

Heck, you could check if the tag you want already exists in the repo you have and skip the `git pull` a lot of the time.