Boost logo

Boost :

Subject: Re: Boost libraries cannot yet be trusted
From: Daniela Engert (dani_at_[hidden])
Date: 2016-03-22 12:48:28


Am 22.03.2016 um 09:32 schrieb Vladimir Prus:
>>
>> One can always replace a zip-file by an installer that packages
>> bloatware together with the source.

You may sign CAB archives if you really want to.

> E.g. if we were to publish SFX archives, signing them would be nice, but
> involves actual money.

Actually, no - it doesn't cost money. Open source developers can get
code-signing certificates for free (f.e. from Comodo or Certum). Just
have a look at Git-2.7.4, TortoiseGit-2.0.0.0, or other open source
stuff: sha256 signed and sha265 timestamped.

Ciao
   Dani

-- 
PGP/GPG: 2CCB 3ECB 0954 5CD3 B0DB 6AA0 BA03 56A1 2C4638C5



Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk