Hacker News

vlovich123, today at 2:47 AM

Better for the cooldown to be managed (guaranteed) centrally by the package forge rather than ad hoc by each individual client.


Replies

piaste, today at 11:16 AM

The cooldown is a defence against malicious actors compromising the release infrastructure.

Having the forge control it half-defeats the point; the attackers who gained permission to push a malicious release might well have also gained permission to mark it as "urgent security hotfix, install immediately, 0 cooldown".

ornornor, today at 3:32 AM

That’s tricky; sometimes you really need the new version to be available right away.

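A client-side cooldown of the kind the thread argues about, as an added example that is none of the commenters' code: the resolver picks the newest release whose publish timestamp is at least N days old, using only the timestamps, so a registry-side "install immediately" hint has no input into the decision. The metadata shape mimics the npm registry's per-package `time` map (version to ISO-8601 publish time); the sample data and the function names are constructed for this example.

```python
"""Client-side release cooldown for a package resolver (added example)."""
from datetime import datetime, timedelta
from typing import Optional

# Constructed sample of a registry document's "time" map (npm-style).
SAMPLE_TIMES = {
    "created": "2023-01-01T00:00:00.000Z",        # non-version key, ignored
    "modified": "2024-06-10T09:00:00.000Z",       # non-version key, ignored
    "1.0.0": "2023-01-01T00:00:00.000Z",
    "1.1.0": "2024-05-20T12:00:00.000Z",
    "1.1.1": "2024-06-09T18:30:00.000Z",          # published yesterday
    "1.2.0-rc.1": "2024-06-10T09:00:00.000Z",     # prerelease, skipped
}

def parse_version(v: str) -> Optional[tuple]:
    """Return (major, minor, patch) for a plain release; None otherwise."""
    parts = v.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        return None  # prerelease/build tags, or keys like "modified"
    return tuple(int(p) for p in parts)

def _parse_time(iso: str) -> datetime:
    """Parse an ISO-8601 UTC timestamp with a trailing 'Z'."""
    return datetime.fromisoformat(iso.replace("Z", "+00:00"))

def pick_version(times: dict, now_iso: str, cooldown_days: int) -> Optional[str]:
    """Newest release published at least `cooldown_days` before `now_iso`.

    Returns None when no release is old enough: the resolver fails closed
    instead of silently installing the freshest version.
    """
    cutoff = _parse_time(now_iso) - timedelta(days=cooldown_days)
    candidates = []
    for v, ts in times.items():
        key = parse_version(v)
        if key is None:
            continue
        if _parse_time(ts) <= cutoff:
            candidates.append((key, v))
    if not candidates:
        return None
    return max(candidates)[1]  # highest (major, minor, patch) that qualifies

if __name__ == "__main__":
    # With a 7-day cooldown on 2024-06-10, 1.1.1 (one day old) is skipped.
    print(pick_version(SAMPLE_TIMES, "2024-06-10T12:00:00Z", 7))  # 1.1.0
```

Setting the cooldown to 0 reproduces ornornor's "available right away" case, and the two behaviours differ only in the client-side parameter, never in anything the registry asserts.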