Comment by Barbing
3 hours ago
Would be bad for software/progress I guess but, got me thinking of if we had an expectation a dev would post an update checksum/hash, then follow it up a day later with the update itself...
(well maybe that leads to kidnappings idk)
edit - heh, sibling comment on package manager-level must be much smarter
I fail to see how this isn't a simple cool down with more steps. It doesn't seem to add anything to the security posture of the package/update