The request
Given the recent increase in supply chain attacks, would it make sense to introduce a configurable temporary delay for package upgrades?
For example, if an Adobe update is released on Monday, it would not be installed until Wednesday. Likewise, if a Chrome update is released on Tuesday, it would not be applied until Thursday.
The idea would be to create a small buffer period before updates are automatically deployed, providing some additional protection against malicious or compromised releases. An example would be the recent NPM attacks. The benefit may be limited, but it could still be a worthwhile safeguard acting as a small line of defence.
Is your feature request related to a problem?
Additional information
No response
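An added illustration of the buffer proposed above, not code from the project or from the issue author: it picks the newest release that has aged past a configurable delay and reports which newer releases are still being held. The `Release` type, `pick_upgrade`, the `DELAY` setting and the sample feed are all assumptions made for this sketch, and a release with no publication time is held (fail closed).

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

@dataclass(frozen=True)
class Release:
    version: tuple                 # e.g. (1, 2, 0), compared as a tuple
    published: Optional[datetime]  # None when the feed carries no release time

def pick_upgrade(installed, releases, now, delay):
    """Return (target, held). target is the newest release above `installed`
    that is at least `delay` old; held lists newer releases still inside the
    buffer, each with the time it becomes eligible (None if unknown)."""
    target, held = None, []
    for rel in sorted(releases, key=lambda r: r.version):
        if rel.version <= installed:
            continue
        if rel.published is None:
            held.append((rel.version, None))  # unknown age: fail closed
            continue
        eligible_at = rel.published + delay
        if now >= eligible_at:
            target = rel.version
        else:
            held.append((rel.version, eligible_at))
    return target, held

# Constructed sample feed: 6 Jan 2025 is a Monday, 7 Jan a Tuesday.
UTC = timezone.utc
FEED = [
    Release((1, 1, 0), datetime(2025, 1, 6, 9, 0, tzinfo=UTC)),
    Release((1, 2, 0), datetime(2025, 1, 7, 9, 0, tzinfo=UTC)),
    Release((1, 3, 0), None),
]
DELAY = timedelta(days=2)  # assumed setting name and value

if __name__ == "__main__":
    for day in (7, 8, 9):
        now = datetime(2025, 1, day, 12, 0, tzinfo=UTC)
        print(now.date(), pick_upgrade((1, 0, 0), FEED, now, DELAY))
```

With a two-day delay, the Monday release becomes installable on Wednesday and the Tuesday release on Thursday, matching the schedule in the request.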