by detaro 3079 days ago
They allow deletion of packages for 24 hours without staff involvement, there is nothing said about a time limit on republishing after deletion?

From the response steps:

> Our first action, which began immediately after the incident concluded, was to implement a 24-hour cooldown on republication of any deleted package name.

But they also have a policy of replacing deleted package names with placeholders, which was not currently enforced for spam-deletions. The cooldown should give them 24 hours to discover any remaining holes in that policy.

Oops, missed that part. Guess the logic is that for spam-packages, there isn't going to be anyone relying on them and it would be a waste of namespace space to allow spammers to fill it up?

Yes, and there are dozens of spam packages registered (and deleted) every day.