Today, one email was sent to the arch-announce mailing list that was able to circumvent the whitelisting checks that are done by the mailman software. This was not due to unauthorized access and no Arch Linux servers were compromised.
We have implemented measures to make sure this does not happen again, by using mailman's poster password feature. We are also making sure, these simple whitelist checks are not used anywhere else.
The compression algorithm `zstd` brings faster compression and decompression, while maintaining a compression ratio comparable with `xz`. This will speed up package installation with `pacman`, without further drawbacks.
The imminent release of **pacman 5.2** brings build tools with support for compressing packages with `zstd`. To install these packages you need `libarchive` with support for `zstd`, which entered the repositories in September 2018. In order for `zstd` compressed packages to be distributed, we require all users to have updated to at least **libarchive 3.3.3-1**. You have had a year, so we expect you already did update. Hurry up if you have not.
If you use custom scripts make sure these do not rely on hardcoded file extensions. The `zstd` package file extension will be `.pkg.tar.zst`.