Add warning / Improve security around installing ethpm URIs #94

@njgheorghita

"Only install packages from registries you trust" is a major requirement of ethpm. You should always trust the owner of a registry before installing (or activating) a package.

It might be a good idea to implement some kind of loose confirmation when you want to install / activate a package...

```
> ethpm install ethpm://0x123abc/[email protected]
Installing a package from the registry @ 0x123abc.
The owner of this registry is: 0x456def.
Do you trust this owner? Are you sure you want to install packages from their registry?
```
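
One way the confirmation proposed above could be gated, as an added example (not code from ethpm or from the issue author). `lookup_owner` is a hypothetical callable standing in for the on-chain owner query, and the URI pattern and the in-memory `trusted` set are assumptions; trust is pinned to the (registry, owner) pair, so a change of owner prompts again.

```python
import re
from typing import Callable, NamedTuple, Set, Tuple

# Assumed URI shape, following the issue's example:
#   ethpm://<registry address>/<package>@<version>
_URI_RE = re.compile(
    r"ethpm://(?P<registry>0x[0-9a-fA-F]+)/"
    r"(?P<package>[a-z][a-z0-9-]*)@(?P<version>[^\s/@]+)"
)


class InstallTarget(NamedTuple):
    registry: str
    package: str
    version: str


def parse_uri(uri: str) -> InstallTarget:
    # fullmatch rejects trailing newlines or extra path segments.
    m = _URI_RE.fullmatch(uri)
    if m is None:
        raise ValueError(f"not a registry URI: {uri!r}")
    return InstallTarget(m["registry"].lower(), m["package"], m["version"])


def confirm_install(
    uri: str,
    lookup_owner: Callable[[str], str],   # hypothetical: registry -> owner
    trusted: Set[Tuple[str, str]],        # previously accepted pairs
    ask: Callable[[str], str] = input,
) -> bool:
    """Return True only if this registry/owner pair is trusted or the user agrees."""
    target = parse_uri(uri)
    owner = lookup_owner(target.registry).lower()
    if (target.registry, owner) in trusted:
        return True
    print(f"Installing a package from the registry @ {target.registry}.")
    print(f"The owner of this registry is: {owner}.")
    answer = ask("Do you trust this owner? Install from their registry? [y/N] ")
    if answer.strip().lower() not in ("y", "yes"):
        return False  # default is to refuse
    trusted.add((target.registry, owner))
    return True
```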
