alt Hacker NewsMaybe a better way would be to allow third-parties to certify releases, and you can specify only to pull the package once they've given it the green light.
Maybe a better way would be to allow third-parties to certify releases, and you can specify only to pull the package once they've given it the green light.
Cathedral or Bazaar on and on. We vary in opinion.
IMO we should be using the best easiest information syndication we have for all, that's as decentralized as we can be. That's why I suggested atproto. I believe the Bazaar approach here would be more interesting, and would avoid pressure points of only specific people having the relationships to pull the oh shit alarm.