@gugurumbe @civodul PO files in a separate branch is an interesting approach! I still worry that they effectively are vendored files. How about storing po/SHA256SUMS in git and verify any downloaded files against that? There is a data-focused doctrine that says data should only be maintained at its preferred canonical location and not duplicated, and I think it makes sense for source files too.
@jas4711 @civodul They are vendored files that can crash things if you mess up format strings. You can also target specific locales (so, specific countries) and noone checks their programs in foreign locales in CI systems.
Gettext has tools in place to check that the format arguments stay the same when it detects a format string, so that is good.