
> The only oversight I think in the proposal is staggered distributions so that projects declare a UUID and the distribution queue progressively makes it available rather than all or nothing

That is indeed an oversight - I wish I had thought of that idea!


No worries. Feel free to popularize it. I’m more worried about supply chain security than credit :).

Also, rather than a UUID, a hash of the package name is probably sufficient for back compat and avoiding people trying to rotate UUIDs to get sooner / later distribution.


