As a Windows user (and somebody who's been using 7-zip since 2002), I really don't see any point in .7z over .tar.xz – the size difference is minimal, and 7-zip handles both types anyway.

No, not standard. Disk and network are still cheap. Not the guy who's using it.

don't, honestly. Realistically, the sizes don't matter for human downloaders (also not on the server side, most downloads probably are automated, and will probably be .tar.something), so adding more formats doesn't seem worth the effort. ZIP has one, and honestly, one advantage for Windows users: unlike .tar.xz it can be decompressed with board utilities, but what's the point in that? You end up with a source tarball, and then you install a toolchain that *almost certainly* includes tar.

I'm also not convinced at all. Windows 11 now supports all sorts of archive formats out of the box (zip, tar, tar.gz, tar.bz2, tar.xz, tar.zst, 7z, rar). I'd rather look at zstd if you want to add a new (and potentially a better-compressed, fast) format.

manually compressing the .tar file with `xz --extreme --best curl-8.10.1.tar` already reduces the size from 2'766'260 to 2'644'404 bytes. The best 7z compression, `7z a -t7z -m0=lzma -mx=11`, generates roughly the same size: 2'643'431 bytes. So I don't think 7z is needed.

Considering the email, they do have valid points. The file size difference is significant enough, and the 7z file is more user-friendly in comparison to tar.* for some users. However, it does raise concerns about potential side-channel attacks targeting 7-Zip.

@Man2Dev the diff compared to tar.zx seem insignificant. Why does it raise concerns for attacks?

Presumably their user base likely prefers user-friendly options like zip. I was comparing the diff between zip and 7z. As for the attack although it migh, not really be practical I was referring to scenarios like the zlib vulnerability.