but it’s better than the alternative.
Cooldowns on the language package manager side are trying to retrofit something like that review window onto ecosystems that never had one, giving security researchers a few days to flag a malicious publish before automated tooling pulls it into lockfiles. Asking Homebrew or apt to add the same feature would mean delaying security patches through a process that already has human gatekeepers, which costs more than it saves.
render the candy-sheet preview
It's been running my personal blog and the Platypush blog for a while now.