u/DemonicGoldfish

Is it possible to require package releases to be a certain age to be installed?

With all the attacks on open-source happening lately, it's been nice to see some package ecosystems, such as NPM, implementing measures to combat supply-chain attacks, among other things.

The main thing I'm interested in is enforcing a minimum age for package releases before they can be installed (defaulting to 24 hours). This gives time for compromised releases to be found and yanked before they're rolled out to millions of users. However, from my understanding, it's useful for avoiding significant regressions and other bugs as well, as bad releases can be yanked or hotfixes issued within that window of time. This would reduce the number of instances of installing a faulty update for a package overall.

Is this something that's possible with Pacman/Paru/Arch-Update? Am I even right that it could be beneficial, or am I misunderstanding how the Arch package repos/AUR work?

u/DemonicGoldfish — 5 days ago
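The minimum-age gate the post describes, as an added example that is not part of the original post and not a feature of pacman, paru or arch-update. It parses `pacman -Si` output for the candidate packages and holds back anything built less than 24 hours ago (the default the post mentions). Assumptions: the output was produced with `LC_ALL=C TZ=UTC pacman -Si ...`, so `Build Date` is in the C-locale `%c` format in UTC; the sample output below is constructed; and `parse_pacman_si`, `gate` and `ignore_args` are names chosen here. Note that sync databases carry the build date, not the time the package reached the mirror, so "age" here is time since build. A package whose date is missing, unparseable or in the future is held rather than allowed: an unknown age must not bypass the policy.

```python
"""Hold back pacman updates younger than a minimum age (added example)."""
from __future__ import annotations

import calendar
import re
import time
from dataclasses import dataclass

MIN_AGE_HOURS = 24  # the default window mentioned in the post

# Assumption: `pacman -Si` run under LC_ALL=C TZ=UTC prints e.g.
#   Build Date      : Wed Oct  1 08:00:00 2025
_C_LOCALE_DATE = "%a %b %d %H:%M:%S %Y"
_FIELD = re.compile(r"^(Name|Version|Build Date)\s*:\s*(.*)$", re.M)


@dataclass(frozen=True)
class Candidate:
    name: str
    version: str
    build_epoch: int | None  # None when the date is missing or unparseable


def parse_pacman_si(text: str) -> list[Candidate]:
    """Parse `pacman -Si pkg...` output; entries are separated by blank lines."""
    candidates = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = dict(_FIELD.findall(block))
        if "Name" not in fields:
            continue
        try:
            epoch = calendar.timegm(
                time.strptime(fields.get("Build Date", ""), _C_LOCALE_DATE))
        except ValueError:
            epoch = None  # handled as "too new" by gate(); fail closed
        candidates.append(Candidate(fields["Name"], fields.get("Version", "?"), epoch))
    return candidates


def gate(candidates, now, min_age_hours=MIN_AGE_HOURS):
    """Split candidates into (allowed, held) by build age relative to `now`.

    Held: younger than the window, built in the "future" (clock skew or a
    bogus date), or with no parseable date at all.
    """
    cutoff = now - min_age_hours * 3600
    allowed, held = [], []
    for c in candidates:
        if c.build_epoch is not None and c.build_epoch <= cutoff:
            allowed.append(c)
        else:
            held.append(c)
    return allowed, held


def ignore_args(held):
    """Turn the held set into a `pacman -Syu --ignore a,b` argument pair."""
    return ["--ignore", ",".join(c.name for c in held)] if held else []


# Constructed sample, not real repository data.
SAMPLE_SI = """\
Repository      : extra
Name            : curl
Version         : 8.10.1-1
Build Date      : Wed Oct  1 08:00:00 2025

Repository      : extra
Name            : openssl
Version         : 3.3.2-1
Build Date      : Fri Oct  3 20:30:00 2025

Repository      : extra
Name            : zlib
Version         : 1.3.1-2
Build Date      : unknown
"""
# Sat Oct 4 2025 12:00:00 UTC: curl is 76h old, openssl 15.5h, zlib unknown.
NOW = calendar.timegm((2025, 10, 4, 12, 0, 0, 0, 0, 0))


if __name__ == "__main__":
    allowed, held = gate(parse_pacman_si(SAMPLE_SI), NOW)
    print("allowed:", [c.name for c in allowed])
    print("held:   ", [c.name for c in held])
    print("pacman -Syu", " ".join(ignore_args(held)))
```

In practice you would feed it `LC_ALL=C TZ=UTC pacman -Si $(pacman -Qqu)` and pass the `--ignore` list to `pacman -Syu`. One caveat a practitioner should weigh: Arch does not support partial upgrades, so holding some packages back while upgrading the rest can leave you with library and dependency mismatches; a safer application of the same gate is to delay the whole `-Syu` until every pending update has cleared the window.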