Hi,
The error messages produced by Erlang/Elixir on a module name case mismatch
when using a case-insensitive FS can be confusing/intimidating:
iex(1)> Genserver.start_link(MyApp.Worker, [], name: MyApp.Worker)
09:57:03.286 [error] Loading of /lib/elixir/ebin/Elixir.Genserver.beam
failed:
e way of signing of code and a (practical)
> way of verifying the signatures I don't think we can have a great solution
> for this issue. And even then signing keys can be compromised, so in the
> end the only way to fully protect yourself is to fetch dependencies in a
> sandbox, manually
Hi,
The other day I wrote a post on security best-practices around dependencies
(https://blog.voltone.net/post/5). One of the issues I raised was the risk
of unexpected code execution when pulling in dependencies from Git
repositories: "mix deps.get" recursively installs any sub-dependencies,