Erlang/OTP 21 is not just about performance; some thoughts on the security contents: https://blog.voltone.net/post/18 #myelixirstatus
I’ve written and spoken in the past about the perils of 3rd party deps, and the need for due diligence. Specifically on integrity, the ‘hoplon’ package looks interesting, though I haven’t used ithttps://hex.pm/packages/hoplon
-
-
Interesting, have to look deeper into it. I was also thinking of deterministic builds: seems like it's kind of possible with erlc (deterministic opt) and therefore to generate the hash of the binary. The idea is to add the expected hash in mix.exs, and check it after download
-
Hex packages are downloaded as source. Compilation may be modified by the containing app’s config, or different compiler version. So not deterministic
- 1 more reply
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
