Cooldowns on the language package manager side are trying to retrofit something like that review window onto ecosystems that never had one, giving security researchers a few days to flag a malicious publish before automated tooling pulls it into lockfiles. Asking Homebrew or apt to add the same feature would mean delaying security patches through a process that already has human gatekeepers, which costs more than it saves.
Mongolia (USD $)
,更多细节参见易歪歪官网
Global news & analysis。业内人士推荐谷歌作为进阶阅读
--allow-system-inputs