* Proposal zip bomb (zip archives without a top level directory) handling should not be done in `url-fetch/zipbomb'. It should be implemented as a boolean argument to the `unpack' phase.
Likewise for url-fetch/tarbomb as well. * Rationale I'm changing the download method of a few packages to url-fetch/zipbomb, and the source gets downloaded again. This should not happen. It is the same source archive after all. Why download another copy? In my particular case, these source archives happen to be quite big (around 500 MB) as well. The download method in source/origin/method should only be involved in downloading. It should not handle how the downloaded source archive is unpacked. That is the job of the `unpack' phase. url-fetch/zipbomb unnecessarily duplicates the "unzip" command invocation. * Feedback WDYT?
