Trust issues: trouble in package paradise

This last year has seen attacks such as the compromise of the event-stream package in the JavaScript ecosystem. That incident clearly demonstrated that attackers injecting malicious code into the libraries we use is not just a theoretical problem, but something that happens in practice.

We'll talk about how the new version of Hoplon helps mitigate this problem using public-key cryptography and a simple trust model, all without needing a trusted third party or abandoning the common package ecosystem.

OBJECTIVES

Describe the dangers of the standard way of using third-party packages.

Propose a simple solution to the problem that can be used by organisations and individuals alike.

TARGET AUDIENCE

Anyone working on Elixir applications that handle sensitive information.