Many people reported problems with the installation command, most of
them had typos, understandable due to the long command. Tar is available
even on minimal templates. Using tar is not more dangerous than using
qfile-unpacker in this case because the project has no signed archives
and passing a directory to dom0 is insecure, considering a git repo, an
attacker could find information in the .git directory or modify files
and add them to git exclude, which won't be noticed when verifying the
commit signature.
In the future, if a signed tarball were to be provided, qvm-run and pipe
would be used instead, making the command even simpler.
