Trust issues: trouble in package paradise
This last year has seen attacks like the compromising of event-stream package in the JavaScript ecosystem. It clearly demonstrated that attackers injecting malicious code into libraries we use is not just a theoretical problem, but something that happens in practice.
We'll talk about how the new version of Hoplon helps mitigate this problem using public key cryptography and a simple trust model - all of that without the need for a trusted third party or abandoning the common package ecosystem.
OBJECTIVES
Describe the dangers of the standard way of using third-party packages.
Propose a simple solution to the problem that can be used by organisations and individuals alike.
TARGET AUDIENCE
Anyone working on Elixir applications that handle sensitive information.