Probably just a notice, but all your currently-submoduled repos in .gitmodules are read/write, which can bug someone else cloning without the necessary permissions.

I did not consider plain git urls (git://) because they are not secure. But maybe it would have been better to go with https urls. I personally prefer using ssh, because I use that anyway to connect to other machines, so I only have to setup one authentication method if I stick with that.

But using https was not a viable option in the short run. borg-assimilate can get urls from epkg, and most of those urls are ssh urls. I would have to change all of those urls in the Emacsmirror database, which isn't much work but which I don't want to do until I am absolutely sure that it is what I want to do.

In the end it doesn't matter much what protocol is used. Which ever I pick, it will inconvenient the users who prefer the other. Luckily this is very easy to "fix":

git config --global url.https://github.com/.insteadOf git@github.com:
git config --global url.https://gitlab.com/.insteadOf git@gitlab.com:

I should probably mention this in the borg documentation. (I do mention it on the Emacsmirror homepage, which is recommended reading for all borg users.)

It took me a while, but the manual now mentions this. (Still have to upload, but I just zapped my computer and not all required software is in place yet.)

By the way, are you still using borg? Care to share your experience?