Dependency cooldowns turn you into a free-rider (calpaterson.com)
3 points by calpaterson 58 days ago
3 comments

I went into this article thinking, well, I am already a free-rider on open source!

But now I find the idea of an upload quite convincing. I don't think it quite solves the free rider problem, but it does flip it. Cooldowns make security opt-in. Whereas a publish queue makes insecurity opt-in. That seems like a better default.

Let security companies drink from the firehose. Companies can pay for it and subsidize end users through GitHub etc. Everybody wins.