Hacker News
by 8n4vidtmkvmk 75 days ago
I don't know how it would. Hackers would just claim everything is a security update.

Unless maybe you give special permission to some trusted company to designate certain releases of packages they don't own as security patches... But that sounds untenable.

1 comments

It would have to be handled by the repository owner (e.g. PyPI) similar to how quarantines are done.