Chad, > 1) anyone can create packages for others without review, 2) security is better These two concepts seem fundamentally at odds. Perhaps I have misunderstood you. How would unreviewed code be better for security?