Ruby Fights Supply-Chain Attacks With Filter Offering 'Cooldown' Before Installing New Packages

Most supply-chain attacks using Ruby's package hosting site "exploit a narrow window," according to a new blog post form Ruby core maintainer Hiroshi Shibata.
So its packaging-managing Bundler tool now offers a filter that blocks new version until it's been public "for at least N days. Releases too new to have been scrutinized are passed over in favor of ones that have aged past the window."The feature was designed in the open, drawing on how other ecosystems approach the same problem. It is opt