Comment by swiftcoder
10 days ago
The problem is making it a default (or even popular). If everyone tries to move themselves later in the chain, you just moved detection later in the chain as well
Yes. But also infection with a malicious package. I don't want anybody to be hacked and also don't want everybody to be hacked at the same time. If I am managing multiple software components with different levels of reliability requirements I certainly would stagger updates and updates to dependencies using "dependency cooldowns". I don't fault anybody for using them. As it stands I am very conservative with dependencies/updates in general and not using "dependency cooldowns" yet.
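One way to implement the staggered "dependency cooldown" policy discussed above, as an added example that is not code from the thread: the package name, publish dates and reliability tiers are constructed, and the registry metadata is embedded inline rather than fetched.

```python
from datetime import date, timedelta

# Constructed sample registry metadata for a hypothetical package "libfoo":
# version -> publish date. Not real data.
RELEASES = {
    "1.4.0": date(2024, 5, 1),
    "1.4.1": date(2024, 5, 20),
    "1.5.0": date(2024, 6, 3),
}

# Cooldown in days per component reliability tier (assumed tier names).
# Components with stricter requirements wait longer before adopting a release,
# so a malicious version does not reach every component on the same day.
COOLDOWN_DAYS = {"experimental": 0, "standard": 7, "critical": 30}


def parse_version(version):
    """Turn "1.4.1" into (1, 4, 1) so versions compare numerically."""
    return tuple(int(part) for part in version.split("."))


def eligible_version(releases, today, cooldown_days):
    """Newest version published at least cooldown_days before today,
    or None when no release has aged past the cooldown yet."""
    candidates = [
        version for version, published in releases.items()
        if today - published >= timedelta(days=cooldown_days)
    ]
    if not candidates:
        return None
    return max(candidates, key=parse_version)


def staggered_updates(releases, today, tiers=COOLDOWN_DAYS):
    """Pick one version per tier; the differing cooldowns stagger adoption."""
    return {tier: eligible_version(releases, today, days)
            for tier, days in tiers.items()}


if __name__ == "__main__":
    for tier, version in staggered_updates(RELEASES, date(2024, 6, 8)).items():
        print(f"{tier:12s} -> {version}")
```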