Skip to content

Add published_at field to Release message#55

Merged
ericmj merged 1 commit into
mainfrom
cooldown
May 18, 2026
Merged

Add published_at field to Release message#55
ericmj merged 1 commit into
mainfrom
cooldown

Conversation

@ericmj
Copy link
Copy Markdown
Member

@ericmj ericmj commented May 18, 2026

Add an optional int64 published_at field to the Release message in package.proto, carrying the Unix epoch seconds at which the release was published to the repository.

The field is optional for backwards compatibility; absence means "no information available". Clients can use it to compute release age and apply policies such as a configurable release-age cooldown during dependency resolution to mitigate supply-chain attacks.

Follow up to hexpm/hex_core#187.

@ericmj
Add published_at field to Release message
ef53f67 
Add an optional int64 published_at field to the Release message in
package.proto, carrying the Unix epoch seconds at which the release
was published to the repository.

The field is optional for backwards compatibility; absence means
"no information available". Clients can use it to compute release
age and apply policies such as a configurable release-age cooldown
during dependency resolution to mitigate supply-chain attacks.
@ericmj ericmj merged commit 71ca283 into main May 18, 2026
5 checks passed
@ericmj ericmj deleted the cooldown branch May 18, 2026 21:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@ericmj