Brake one type of attacker, give time to the other to sploit the bug that was fixed.

optimism

Cooldowns are a new and remarkably effective technique for avoiding supply chain attacks. As we learned from 

 from the past 18 months found that an attacker’s real window of opportunity is almost always measured in hours or days, not weeks; eight of the ten were shut down in under a week. Our cooldown pumps the brakes on the attacker by refusing to adopt any release until it has been public for a week, providing crucial time for problems to be identified first.

security

For all [Determinate Nix](https://determinate.systems/nix/) users:

> Cooldowns are a new and remarkably effective technique for avoiding supply chain attacks. As we learned from [cooldowns.dev](https://cooldowns.dev/), a recent [analysis of roughly ten of the most prominent supply chain attacks](https://blog.yossarian.net/2025/11/21/We-should-all-be-using-dependency-cooldowns) from the past 18 months found that an attacker’s real window of opportunity is almost always measured in hours or days, not weeks; eight of the ten were shut down in under a week. Our cooldown pumps the brakes on the attacker by refusing to adopt any release until it has been public for a week, providing crucial time for problems to be identified first.