
Git archive generation meets Hyrum's law

Posted Feb 2, 2023 22:36 UTC (Thu) by vivo (subscriber, #48315)
In reply to: Git archive generation meets Hyrum's law by vivo
Parent article: Git archive generation meets Hyrum's law

mjg59 already fixed my reasoning - they really broke releases


Git archive generation meets Hyrum's law

Posted Feb 3, 2023 10:06 UTC (Fri) by smcv (subscriber, #53363) [Link]

Yes and no, unfortunately...

Promoting a tag to a "release" lets you attach arbitrary binary artifacts, such as your official release tarballs. These are stored as binary blobs and don't change. There's no guarantee that they bear any relationship to what's in git, so a malicious project maintainer could insert bad things into the official release tarball in a less visible way than committing them to git (as usual, you have to either trust the maintainer, or audit the code).

However, whether you attach official release tarballs or not, Github provides prominent "Source code" links which point to the output from git archive, and it doesn't seem to be possible to turn those off. It is these "Source code" tarballs that changed recently. Even if git archive doesn't change its output, they are annoying in projects that use submodules or Autotools, because every so often a well-intentioned user will download them, try to build them, find that the required git submodules are missing, and open a bug "your release tarballs are broken".

Flatpak makes a good example to look at for this. flatpak-1.x.tar.xz is the official release tarball generated by Autotools, which is what you would expect for an Autotools project: the source from git (including submodules), minus some files only needed during development, plus Autotools-generated cruft like the configure script. You can build directly from a git clone (after running ./autogen.sh), or you can build from flatpak-1.x.tar.xz (with no special preparation), but you can't easily build from the "Source code" tarballs (which are more or less useless, and I'd turn off display of that link if it was possible).
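The comment above points at the underlying problem: a forge-generated "Source code" tarball is only as stable as the compressor that produced it, so anyone who pins the SHA-256 of those bytes breaks the moment the server's gzip settings change. What a downstream packager actually wants to pin is the tree, not the bytes. The script below is an added example (not from the commenter or from any forge) that computes a content digest over the regular files inside a tarball, ignoring compression level, member order and mtimes, and shows that a re-compressed archive of the same tree keeps its digest while a one-byte change to a source file changes it. All archives are constructed in memory; no network or git checkout is assumed.

```python
import hashlib
import io
import tarfile

def content_digest(archive_bytes: bytes) -> str:
    """Digest of an archive's *content*: sorted (path, sha256-of-data) pairs of
    regular files. Compression, member order, mtimes and ownership are ignored,
    so two tarballs of the same tree agree even when their bytes do not."""
    entries = []
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:*") as tar:
        for member in tar:
            if not member.isfile():
                continue  # directories/symlinks carry no file data to hash
            data = tar.extractfile(member).read()
            entries.append((member.name, hashlib.sha256(data).hexdigest()))
    h = hashlib.sha256()
    for name, digest in sorted(entries):
        h.update(f"{name}\0{digest}\n".encode())
    return h.hexdigest()

def make_archive(files: dict, level: int, mtime: int) -> bytes:
    """Build a gzip tarball in memory (constructed stand-in for a served tarball)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz", compresslevel=level) as tar:
        for name, body in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(body)
            info.mtime = mtime
            tar.addfile(info, io.BytesIO(body))
    return buf.getvalue()

# Constructed sample tree standing in for a tagged release (hypothetical project).
RELEASE = {
    "proj-1.0/README": b"hello\n",
    "proj-1.0/src/main.c": b"int main(void){return 0;}\n",
}

def demo() -> dict:
    a = make_archive(RELEASE, level=9, mtime=1000)            # "old" server output
    b = make_archive(dict(reversed(RELEASE.items())), 1, 2000)  # re-compressed, reordered
    tampered = dict(RELEASE, **{"proj-1.0/src/main.c": b"int main(void){return 1;}\n"})
    c = make_archive(tampered, level=9, mtime=1000)            # same bytes layout, changed source
    return {
        "bytes_equal": hashlib.sha256(a).digest() == hashlib.sha256(b).digest(),
        "content_equal": content_digest(a) == content_digest(b),
        "tampered_detected": content_digest(a) != content_digest(c),
    }

if __name__ == "__main__":
    print(demo())
```

The digest deliberately covers regular-file data and paths only; file modes and symlink targets are outside it, so a pipeline that cares about those should fold `member.mode` and `member.linkname` into the per-entry record.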


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds