Subject: Re: [boost] Providing means to verify integrity and authenticity for releases
From: paul Fultz (pfultz2_at_[hidden])
Date: 2016-03-14 10:16:46
> On Monday, March 14, 2016 5:15 AM, Daniel Hofmann <daniel_at_[hidden]> wrote:
> > The current download page at
> redirects the user to SourceForge for downloading sources and / or
> binary Boost distributions. SourceForge can no longer be trusted as a
> hosting platform, as you can for example see following this thread
> where a user was tricked into downloading some arbitrary binary while
> downloading a Boost release.
> Unfortunately there does not seem to be a secure and convenient way to
> download Boost releases.>
> Although Github's Boost "releases" can be found at
> but those are only repository snapshots, from which you can not even
> build a Boost distribution.
Ideally, all boost libraries should be installable directly from their github repo like Boost.Hana. However, there is cycles everywhere you turn right now in Boost.