weinzierl an hour ago

If this is the idea, why don't we let the dedicated security firms and/or automated scanners find the vulnerabilities before the release?

You need an early release in the "given enough eyeballs all bugs are shallow" world because you need the eyeballs, but if you count on specialists and scanners, no general availability release is necessary and hence no cool down.

john_strinlai an hour ago

i am not sure what the benefits of your proposal are compared to the "cooldown period" way.

the releases will be delayed for the same time period, but you increase the amount of coordination required significantly and reduce user agency.