Boost :

Subject: Re: [boost] Boost libraries cannot yet be trusted
From: Vladimir Prus (vladimir.prus_at_[hidden])
Date: 2016-03-23 02:36:20

• Next message: Niall Douglas: "Re: [boost] [release] Tags are not being used correctly"
• Previous message: paul Fultz: "Re: [boost] [Fit] formal review ends 20th March."
• In reply to: Daniela Engert: "Re: Boost libraries cannot yet be trusted"
• Next in thread: Daniela Engert: "Re: Boost libraries cannot yet be trusted"
• Reply: Daniela Engert: "Re: Boost libraries cannot yet be trusted"

On 3/22/2016 7:48 PM, Daniela Engert wrote:
> Am 22.03.2016 um 09:32 schrieb Vladimir Prus:
>>>
>>> One can always replace a zip-file by an installer that packages
>>> bloatware together with the source.
>
> You may sign CAB archives if you really want to.
>
>> E.g. if we were to publish SFX archives, signing them would be nice, but
>> involves actual money.
>
> Actually, no - it doesn't cost money. Open source developers can get
> code-signing certificates for free (f.e. from Comodo or Certum). Just
> have a look at Git-2.7.4, TortoiseGit-2.0.0.0, or other open source
> stuff: sha256 signed and sha265 timestamped.

That's good to know, thanks! Though it seems that Certum is no longer free starting
in 2016 (16 euro is still way less than any other provider), and I can't find any such
offer from Comodo.

Thanks,

-- 
Vladimir Prus
http://vladimirprus.com

• Next message: Niall Douglas: "Re: [boost] [release] Tags are not being used correctly"
• Previous message: paul Fultz: "Re: [boost] [Fit] formal review ends 20th March."
• In reply to: Daniela Engert: "Re: Boost libraries cannot yet be trusted"
• Next in thread: Daniela Engert: "Re: Boost libraries cannot yet be trusted"
• Reply: Daniela Engert: "Re: Boost libraries cannot yet be trusted"

Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk