@tdose
For quite a while I took pride in making source tarballs reproducible. First, I did it for Dezyne (https://cgit.git.savannah.nongnu.org/cgit/dezyne.git/commit/?id=7db1b91b65499464ed9829d17b808453f5f6e5e4) then (a bit harder) for GNU Guix (https://issues.guix.gnu.org/70169/).
In Guix, it has always been a puzzle: Do we prefer tarballs, or do we prefer Git? Well, thanks to the xz-utils fiasco, that problem has been solved: https://codeberg.org/guix/guix/milestone/66679.
We now know what to do, we only have to do it.
On the tarball front, I believe it would be good to remove pre-built artifacts, and only include true sources from Git.
Thoughts?