[erlang-questions] Erlang package manager

Zachary Kessin <>
Wed Dec 17 14:28:35 CET 2014


On 12/16/2014 09:12 PM, Michael Truog wrote:
> 2) It needs to use source code in the packages, not binaries, to make 
> sure everything is transparent, avoiding black-box binary blobs which 
> lack any ability to be examined easily.  Past erlang package managers 
> have had trouble here.  Along with this, there needs to be signing of 
> the package for the identity of the publisher and the integrity of the 
> package.

I would like to see the option of source, binary or both for packages, I 
would in general prefer source, but there may be cases when someone 
wants to put out a binary only package for some reason, and it should 
support that

--Zach


More information about the erlang-questions mailing list