Boost logo

Boost :

Subject: Re: Boost libraries cannot yet be trusted
From: Daniela Engert (dani_at_[hidden])
Date: 2016-03-22 12:48:28

Am 22.03.2016 um 09:32 schrieb Vladimir Prus:
>> One can always replace a zip-file by an installer that packages
>> bloatware together with the source.

You may sign CAB archives if you really want to.

> E.g. if we were to publish SFX archives, signing them would be nice, but
> involves actual money.

Actually, no - it doesn't cost money. Open source developers can get
code-signing certificates for free (f.e. from Comodo or Certum). Just
have a look at Git-2.7.4, TortoiseGit-, or other open source
stuff: sha256 signed and sha265 timestamped.


PGP/GPG: 2CCB 3ECB 0954 5CD3 B0DB 6AA0 BA03 56A1 2C4638C5

Boost list run by bdawes at, gregod at, cpdaniel at, john at