|
Boost : |
Subject: Re: [boost] Boost libraries cannot yet be trusted
From: Vladimir Prus (vladimir.prus_at_[hidden])
Date: 2016-03-23 02:36:20
On 3/22/2016 7:48 PM, Daniela Engert wrote:
> Am 22.03.2016 um 09:32 schrieb Vladimir Prus:
>>>
>>> One can always replace a zip-file by an installer that packages
>>> bloatware together with the source.
>
> You may sign CAB archives if you really want to.
>
>> E.g. if we were to publish SFX archives, signing them would be nice, but
>> involves actual money.
>
> Actually, no - it doesn't cost money. Open source developers can get
> code-signing certificates for free (f.e. from Comodo or Certum). Just
> have a look at Git-2.7.4, TortoiseGit-2.0.0.0, or other open source
> stuff: sha256 signed and sha265 timestamped.
That's good to know, thanks! Though it seems that Certum is no longer free starting
in 2016 (16 euro is still way less than any other provider), and I can't find any such
offer from Comodo.
Thanks,
-- Vladimir Prus http://vladimirprus.com
Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk