From: Richard Peters (r.a.peters_at_[hidden])
Date: 2004-12-22 09:31:38
----- Original Message -----
From: "Stefan Seefeld" <sseefeld_at_[hidden]>
> > From: Richard Peters [mailto:r.a.peters_at_[hidden]]
> > Another argument that I thought of this morning: suppose we
> > do not publish a
> > self-extracting executable. What is going to stop an attacker from not
> > uploading his own self-extracting look-alike? If he can
> > change existing
> > archives, he probably can add other archives as well.
> right, but if some boost authority certifies its released packages,
> everybody is free to ignore such look-alikes. Isn't that the whole
> point of certification ?
If some boost authority certifies the released packages, and users correctly
verify that the certificate is issued by the boost authority, and the
certificate is valid on the package, then certified executables can be
trusted as well.
Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk