| ▲ | halJordan an hour ago | |
But then what happens when everyone just shifts their window too. This solution is a misuse of the commons type thing where you just take advantage of letting others get poisoned and see if they drop | ||
| ▲ | hxugufjfjf 2 minutes ago | parent | next [-] | |
I think the idea is that security scanners ran by companies like Wiz and Aquasec etc will pick this up in that timeframe, not that you sit around and wait for others to get compromised. | ||
| ▲ | adamandsteve 6 minutes ago | parent | prev [-] | |
I kind of agree, but presumably this would happen more among people maintaining security-critical projects. In that case it'd be a net positive for other projects to get infected first, since if they aren't delaying package updates by 24 hours then security probably isn't quite as important. Which also makes it better in general because hackers will be less incentivized to write viruses if all the really juicy targets will only download them after they've gone undetected for e.g. 7 days. | ||