More akin to letting astronauts stay in quarantine for a day in case they caught space bugs.
If every other week I would notice the FDA recalls a popular brand that would have taken over my brain and transmitted my bank password and SSN to a stranger, I might prefer drinking week-old milk.
Edit: not dismissing your analogy, it’s pretty much it.
If nobody drinks the milk until it’s a week old, that won’t help.
I do think cooldowns help, it’s more that this analogy doesn’t help.
The cow has to wake up and look at what milk she’s been putting out, and ideally the milk machine would use an early release channel so that some people will get the brain virus first.
Nobody has to drink it, just test it. The analogy is stupid, but it's more like if there was no FDA, you'd wait a week for food safe labs to test it, or you'd invest in your own testing.
The early release channel is sensible, but if you're a bad actor who's compromised a package you're not going to early release, are you? You get it straight out there.
Yeah, I mean, there are companies out there (for the goodness of heart or marketing or both, and I prefer if they did it for marketing because that would make it sustainable) who drink the milk as soon as it hits the shelf, and immediately tell the grocery chain to remove it.
tl;dr - there is financial interest for some companies to not have cooldowns and detect poisoned milk immediately.
A more accurate analogy is a food tester for a king, I guess, if you replace king with "everyone" (and the food tester did it for inbound traffic for his product and didn't risk their life for it).
It's exactly the same. With both you have no idea if you'll be compromised once you pick up a new item from the store. With both you wait a week, in case the authorities issue a recall. With both you use it after that one week of waiting. Both are relying on luck to be safe.
The crazy thing is the risk from food is higher, we just don't really mind, because it's rare that we personally get affected.
As much as I dislike this distribution model, this is a completely misapplied analogy. In the npm-with-cooldowns case you "buy" a thing and get to use it instantly without any delay, it just won't get improved until a few days later - exactly as if the project you installed would use some timed staging channel for testing before making releases, except you're the one who controls the timing here.