Security updates bypass the cooldown. | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		esafak 1 day ago \| parent \| context \| favorite \| on: Cooldown Support for Ruby Bundler Security updates bypass the cooldown.
		help

doctorpangloss 1 day ago [–]

But what channel decides it is a security update? How do you know? Someone has to notify whom exactly? And what if the adversary says their supply chain attack commit is a security update?

All of this cooldown stuff is so mind bogglingly stupid...

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact