pleroma.debian.social

Should we provide a 7zip compressed version of the release tarballs?

https://curl.se/mail/lib-2024-10/0001.html

@bagder As a Windows user (and somebody who's been using 7-zip since 2002), I really don't see any point in .7z over .tar.xz – the size difference is minimal, and 7-zip handles both types anyway.

@jernej__s thank you, that's valuable input!

@jernej__s @bagder 7-zip can offer parallel decompression.

Tar is quite outdated in this regard, in fact!

@maonu @jernej__s I timed my tar xf. It takes 92 milliseconds. For whom is this a problem again?

@bagder don't, honestly. Realistically, the sizes don't matter for human downloaders (also not on the server side, most downloads probably are automated, and will probably be .tar.something), so adding more formats doesn't seem worth the effort. ZIP has one, and honestly, one advantage for Windows users: unlike .tar.xz it can be decompressed with board utilities, but what's the point in that? You end up with a source tarball, and then you install a toolchain that *almost certainly* includes tar.

@bagder
I'm also not convinced at all. Windows 11 now supports all sorts of archive formats out of the box (zip, tar, tar.gz, tar.bz2, tar.xz, tar.zst, 7z, rar). I'd rather look at zstd if you want to add a new (and potentially a better-compressed, fast) format.

@mynacol my zstd tests end up roughly the same size as with xz, so it does not seem worth it.

@bagder @mynacol Yeah but zstd decompresses *significantly* faster, which is nice for everyone

@highvoltage @mynacol my .tar.xz file decompresses in 92 milliseconds for me. I don't believe too many people will get bored before it completes.

@bagder Considering the email, they do have valid points. The file size difference is significant enough, and the 7z file is more user-friendly in comparison to tar.* for some users. However, it does raise concerns about potential side-channel attacks targeting 7-Zip.

@Man2Dev the diff compared to tar.xz seems insignificant. Why does it raise concerns for attacks?

@bagder @mynacol Yeah I use lots of small computers where it's a different ballpark than a typical modern laptop, but, at least I'd just use the Debian packages on those so I think few people who use these small devices consume the upstream tarball directly anyway.

It does need to "uncompress it twice" (once to remove .xz, once to extract .tar) though, but that'd be something for 7-zip to solve, not curl.

@lapo @jernej__s @bagder Or just rename the file to a .txz. Then 7-zip should do it in one step.