Please deliver git as zip archive

Question

Please deliver git as zip archive

ThomasKrenn opened this issue 6 years ago · 1 comments

Hello,
please consider providing a simple .zip file..
Even if the user trusts the download source, its unclear if the installer modifies the win registry.

Best regards
Thomas

Answer 1 · 2018-05-05T19:12:33.000Z

Please note that you opened this ticket in the wrong bug tracker: this bug tracker is about issues in the fork of 7-Zip that is used by Git for Windows to generate the self-extracting .7z.exe files.
A simple .zip file is a lot larger than a simple .7z file
If you do not trust the download source, just use 7-Zip to unpack the .7z.exe (you may need to rename the file first, to strip the .exe extension). But then, this is little consolation to any suspicious user such as yourself: who is to say that a malicious maintainer lets only the installer modify the registry? Why not every single git.exe call itself? It boils down to trust: if you still distrust the maintainer after 10 faithful years of maintainership, the only way to have confidence in any Git version is to audit the source yourself, and build it yourself, too.