
kylemuir | 8 years ago

> Our first action, which began immediately after the incident concluded, was to implement a 24-hour cooldown on republication of any deleted package name

I don't understand this. Why hard delete packages at all? Soft deleting feels like it would be easier and would stop people republishing with the same name.

They could also bake their warning process for dependent libraries (i.e. "this package is gone!") into the soft delete process.
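A toy model of the soft-delete design the comment proposes, added here as an example (not the commenter's code and not npm's registry API); the `Registry` class, its methods and the sample package names are assumptions. A tombstone keeps the name reserved with no cooldown window to race, and the delete step returns the dependents that would need a warning.

```python
"""Toy registry: soft delete via tombstones instead of hard delete + cooldown."""
from dataclasses import dataclass, field


@dataclass
class Package:
    name: str
    owner: str
    deps: set = field(default_factory=set)
    deleted: bool = False  # tombstone flag: record stays, package is hidden


class Registry:
    def __init__(self):
        self.packages = {}  # name -> Package, including tombstones

    def publish(self, name, owner, deps=()):
        existing = self.packages.get(name)
        if existing is not None and existing.deleted:
            # The tombstone reserves the name indefinitely, so a deleted name
            # cannot be re-registered by a different party after any delay.
            raise PermissionError(f"{name} was deleted; the name is reserved")
        if existing is not None:
            raise PermissionError(f"{name} already exists")
        self.packages[name] = Package(name, owner, set(deps))

    def dependents(self, name):
        """Live packages that depend on `name` (the ones to warn on delete)."""
        return sorted(p.name for p in self.packages.values()
                      if name in p.deps and not p.deleted)

    def soft_delete(self, name, owner):
        pkg = self.packages[name]
        if pkg.owner != owner:
            raise PermissionError("only the owner may delete a package")
        pkg.deleted = True
        return self.dependents(name)  # warning list comes from the delete itself

    def resolve(self, name):
        """Install-time lookup: tombstoned packages are reported as gone."""
        pkg = self.packages.get(name)
        if pkg is None or pkg.deleted:
            raise LookupError(f"{name} is gone")
        return pkg


if __name__ == "__main__":
    reg = Registry()  # constructed sample data
    reg.publish("util-pkg", "alice")
    reg.publish("app-pkg", "bob", deps=["util-pkg"])
    print("dependents to warn:", reg.soft_delete("util-pkg", "alice"))
```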
