Doing this post-save means we'll contest for the Xapian write lock when we unrelated writes to indexing. It's still possible for two inline edits or reviews to happen simultaneously, but the chance is probably not enough to be concerned about.
This can happen if testing an extension locally that isn't on the website.
We have one guy DoSing our server with a badly formed request every minute. Prevent him from spamming my email.
We only want to emit blacklist if there's no version when the existing version was rejected.
We were allowing admins to change all display names, but not actually setting the name on the correct user.
Now that we can rely on Django 1.4, we can put this here.
We don't need a hash for two elements.
And auto-approve extensions by users who are on the trusted whitelist
Otherwise, an extension with full 3.6 compatibility may not appear for a user using 3.6.1, or similar.