In the wake of Sha1 Halud much of the discussion has centered around cooldown, but I'm looking to address another aspect of package installation, that of install-time code execution. I'm wondering ...