[Remi COLLET]

1st/ http://phpseclib.sourceforge.net/channel.xml contains URL to http://phpseclib.sourceforge.org which doesn't exist.

2nd/ packages are broken
$ tar tf Crypt_AES-0.3.6.tgz
/Crypt_AES-0.3.6/Crypt/AES.php
package.xml

And in package.xml
...file baseinstalldir="Crypt" name="AES.php" role="php"...

So pear expect Crypt_AES-0.3.6/AES.php which doesn't exists.

I was able to install phpseclib/Net_SFTP just fine using the instructions at http://phpseclib.sourceforge.net/pear.htm.

As for your point # 1:

Here's the channel.xml file:

<?xml version="1.0" encoding="UTF-8" ?>
<channel version="1.0" xmlns="http://pear.php.net/channel-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://pear.php.net/channel-1.0 http://pear.php.net/dtd/channel-1.0.xsd">
    <name>phpseclib.sourceforge.net</name>
    <summary>PHP Secure Communications Library PEAR channel</summary>
    <suggestedalias>phpseclib</suggestedalias>
    <servers>
        <primary>
            <rest>
                <baseurl type="REST1.0">http://phpseclib.sourceforge.net//rest/</baseurl>
                <baseurl type="REST1.1">http://phpseclib.sourceforge.net//rest/</baseurl>
                <baseurl type="REST1.2">http://phpseclib.sourceforge.net//rest/</baseurl>
                <baseurl type="REST1.3">http://phpseclib.sourceforge.net//rest/</baseurl>
            </rest>
        </primary>
    </servers>
</channel>

I assume the URL you're talking about is http://phpseclib.sourceforge.net//rest/ ? Because although you're not able to view the directory contents by visiting that URL it does exist as evidenced by this:

http://phpseclib.sourceforge.net//rest/p/packages.xml

I could put a .htaccess there with "Options +Indexes" but you have not convinced me of it's necessity.

As for your point # 2:

wget http://download.pear.php.net/package/Archive_Tar-1.3.13.tgz
tar tf Archive_Tar-1.3.13.tgz

That outputs this:

package.xml
Archive_Tar-1.3.13/Archive/Tar.php
Archive_Tar-1.3.13/docs/Archive_Tar.txt

As for your point # 3:

From Archive_Tar's package.xml:

  <dir name="/">
   <file baseinstalldir="/" md5sum="5abc21a68853f801a4ba7b6ff0918d5b" name="Archive/Tar.php" role="php" />
   <file baseinstalldir="/" md5sum="2fb90f0be7089a45c09a0d1182792419" name="docs/Archive_Tar.txt" role="doc" />
  </dir>

So basically, phpseclib's PEAR channel behaves in the exact same way as php.net's PEAR channel. At least w.r.t. your #2 and #3 points. Does that mean you're going to open up bug reports against pear.php.net as well?