Package management systems have become an integral part of development. But their security does not get enough attention. Speakers will talk about the LuaRocks package repository popular with those developing in Lua. It was never mentioned in security newsletters before. They will explain a major vulnerability which could allow to seize any account on luarocks.org and compromise all packages. They will also demonstrate exploitation of the vulnerability.