Boost logo

Boost :

Subject: Re: [boost] Boost libraries cannot yet be trusted
From: Peter Dimov (lists_at_[hidden])
Date: 2016-03-22 05:34:41

Vladimir Prus wrote:
> Say, you have a github commit by me, which means that somebody in
> possession of my RSA private key has pushed it.

No, I don't think it means that.

> If you look at other open-source projects, all the huge security problems
> were either genuine bugs, or government-mandated "export crypto", not so
> much of directly evil code.

That's not quite true either. There have been source attacks. Although I
agree that the risk for a source attack on Boost may not be that high.

Boost list run by bdawes at, gregod at, cpdaniel at, john at