Subject: Re: Boost libraries cannot yet be trusted
From: Daniela Engert (dani_at_[hidden])
Date: 2016-03-22 12:48:28
Am 22.03.2016 um 09:32 schrieb Vladimir Prus:
>> One can always replace a zip-file by an installer that packages
>> bloatware together with the source.
You may sign CAB archives if you really want to.
> E.g. if we were to publish SFX archives, signing them would be nice, but
> involves actual money.
Actually, no - it doesn't cost money. Open source developers can get
code-signing certificates for free (f.e. from Comodo or Certum). Just
have a look at Git-2.7.4, TortoiseGit-18.104.22.168, or other open source
stuff: sha256 signed and sha265 timestamped.
-- PGP/GPG: 2CCB 3ECB 0954 5CD3 B0DB 6AA0 BA03 56A1 2C4638C5
Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk