Dependency cooldowns turn you into a free-rider
calpaterson.com

I went into this article thinking, well, I am already a free-rider on open source!
But now I find the idea of an upload quite convincing. I don't think it quite solves the free-rider problem, but it does flip it. Cooldowns make security opt-in, whereas a publish queue makes insecurity opt-in. That seems like a better default.
More discussion: https://news.ycombinator.com/item?id=47773812
Let security companies drink from the firehose. Companies can pay for it and subsidize end users through GitHub etc. Everybody wins.