Thanks for the detailed answers, but this also contradicts your own recommendations from:
https://blog.inedo.com/inedo/recently-published-aged-packages-and-upcoming-proget-2026-changes
"Guideline: Block New and Warn for Aged
In general, we recommend blocking newly-published packages and creating exceptions for on a case-by-case basis when needed. This allows early adopters to find catastrophic failures, discover maliciously-published versions, and possibly even uncover other vulnerabilities/bugs as well.
However, we recommend warning for aged packages instead of blocking them. The main reason is that a developer is unlikely to choose an old version for a new project (which is where you’d want the download blocked), but a legacy application that suddenly can’t build will be headache to troubleshoot later. Note that you can always use vulnerability rules to ensure that vulnerable aged packages are still blocked."

