Boost logo

Boost :

Subject: Re: [boost] Boost libraries cannot yet be trusted
From: Peter Dimov (lists_at_[hidden])
Date: 2016-03-22 05:34:41


Vladimir Prus wrote:
> Say, you have a github commit by me, which means that somebody in
> possession of my RSA private key has pushed it.

No, I don't think it means that.

http://www.jayhuang.org/blog/pushing-code-to-github-as-linus-torvalds/

> If you look at other open-source projects, all the huge security problems
> were either genuine bugs, or government-mandated "export crypto", not so
> much of directly evil code.

That's not quite true either. There have been source attacks. Although I
agree that the risk for a source attack on Boost may not be that high.


Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk