Boost logo

Boost :

Subject: Re: [boost] Providing means to verify integrity and authenticity for releases
From: paul Fultz (pfultz2_at_[hidden])
Date: 2016-03-14 10:16:46


> On Monday, March 14, 2016 5:15 AM, Daniel Hofmann <daniel_at_[hidden]> wrote:
> > The current download page at
>
>> http://www.boost.org/users/download/
>
> redirects the user to SourceForge for downloading sources and / or
> binary Boost distributions. SourceForge can no longer be trusted as a
> hosting platform, as you can for example see following this thread
>
>> http://lists.boost.org/boost-users/2016/02/85662.php
>
> where a user was tricked into downloading some arbitrary binary while
> downloading a Boost release.
>
>
> Unfortunately there does not seem to be a secure and convenient way to

> download Boost releases.>
>
> Although Github's Boost "releases" can be found at
>
>> https://github.com/boostorg/boost/releases
>
> but those are only repository snapshots, from which you can not even

> build a Boost distribution.

Ideally, all boost libraries should be installable directly from their github repo like Boost.Hana. However, there is cycles everywhere you turn right now in Boost.


Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk