|
|
Boost : |
Subject: Re: Boost libraries cannot yet be trusted
From: Daniela Engert (dani_at_[hidden])
Date: 2016-03-23 14:30:05
Am 23.03.2016 um 07:36 schrieb Vladimir Prus:
> On 3/22/2016 7:48 PM, Daniela Engert wrote:
>> Am 22.03.2016 um 09:32 schrieb Vladimir Prus:
>>>>
>>>> One can always replace a zip-file by an installer that packages
>>>> bloatware together with the source.
>>
>> You may sign CAB archives if you really want to.
>>
>>> E.g. if we were to publish SFX archives, signing them would be nice, but
>>> involves actual money.
>>
>> Actually, no - it doesn't cost money. Open source developers can get
>> code-signing certificates for free (f.e. from Comodo or Certum). Just
>> have a look at Git-2.7.4, TortoiseGit-2.0.0.0, or other open source
>> stuff: sha256 signed and sha265 timestamped.
>
> That's good to know, thanks! Though it seems that Certum is no longer
> free starting
> in 2016 (16 euro is still way less than any other provider), and I can't
> find any such
> offer from Comodo.
Oh well, it looks like seasons have changed - for the worse. If the 16¤
are a problem I'll happily donate them. May be that Comodo was a red
herring and Certum is the only viable option then.
Ciao
Dani
Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk