Boost :

Date view	Thread view	Subject view	Author view

Subject: Re: Boost libraries cannot yet be trusted
From: Daniela Engert (dani_at_[hidden])
Date: 2016-03-22 12:48:28

Next message: Jon Kalb: "[boost] Sean Parent to Keynote C++Now 2016"
Previous message: Louis Dionne: "Re: [boost] [Fit] Formal review / Kris"
In reply to: Vladimir Prus: "Re: [boost] Boost libraries cannot yet be trusted"
Next in thread: Vladimir Prus: "Re: [boost] Boost libraries cannot yet be trusted"
Reply: Vladimir Prus: "Re: [boost] Boost libraries cannot yet be trusted"

Am 22.03.2016 um 09:32 schrieb Vladimir Prus:
>>
>> One can always replace a zip-file by an installer that packages
>> bloatware together with the source.

You may sign CAB archives if you really want to.

> E.g. if we were to publish SFX archives, signing them would be nice, but
> involves actual money.

Actually, no - it doesn't cost money. Open source developers can get
code-signing certificates for free (f.e. from Comodo or Certum). Just
have a look at Git-2.7.4, TortoiseGit-2.0.0.0, or other open source
stuff: sha256 signed and sha265 timestamped.

Ciao
Dani

-- 
PGP/GPG: 2CCB 3ECB 0954 5CD3 B0DB 6AA0 BA03 56A1 2C4638C5

application/pgp-signature attachment: OpenPGP digital signature

Next message: Jon Kalb: "[boost] Sean Parent to Keynote C++Now 2016"
Previous message: Louis Dionne: "Re: [boost] [Fit] Formal review / Kris"
In reply to: Vladimir Prus: "Re: [boost] Boost libraries cannot yet be trusted"
Next in thread: Vladimir Prus: "Re: [boost] Boost libraries cannot yet be trusted"
Reply: Vladimir Prus: "Re: [boost] Boost libraries cannot yet be trusted"

Date view	Thread view	Subject view	Author view

Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk