DigiNews

Summary

Dependency cooldowns are criticized as a free-riding mechanism that burdens the ecosystem and may not address core issues of publishing and distribution. The piece advocates upload queues as a centralized, safer alternative and discusses applicability to AI pipelines, security testing, and prior art like the Debian testing process. It also covers practical considerations such as funding, reviewer roles, and notification strategies to mitigate supply chain attacks.