From: Stefan Seefeld (sseefeld_at_[hidden])
Date: 2004-12-22 08:43:09
> From: Richard Peters [mailto:r.a.peters_at_[hidden]]
> Another argument that I thought of this morning: suppose we
> do not publish a
> self-extracting executable. What is going to stop an attacker from not
> uploading his own self-extracting look-alike? If he can
> change existing
> archives, he probably can add other archives as well.
right, but if some boost authority certifies its released packages,
everybody is free to ignore such look-alikes. Isn't that the whole
point of certification ?
Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk