I am thinking about Django releases. They release a "Release Candidate", which you have to download by other means to test. I rarely do it. But when a new official release is out, I install it very easily in a testing environment and run my tests against it. I think this is what most people do, and the phase where supply attacks get caught, because in that 48-hour window all the tests in the world are run.
It's not a lack of care about privacy; the 7-day delay is like a new stage between RC and final release, where you pull for testing but not for production.