Boost logo

Boost :

Subject: Re: Boost libraries cannot yet be trusted
From: Daniela Engert (dani_at_[hidden])
Date: 2016-03-23 14:30:05

Am 23.03.2016 um 07:36 schrieb Vladimir Prus:
> On 3/22/2016 7:48 PM, Daniela Engert wrote:
>> Am 22.03.2016 um 09:32 schrieb Vladimir Prus:
>>>> One can always replace a zip-file by an installer that packages
>>>> bloatware together with the source.
>> You may sign CAB archives if you really want to.
>>> E.g. if we were to publish SFX archives, signing them would be nice, but
>>> involves actual money.
>> Actually, no - it doesn't cost money. Open source developers can get
>> code-signing certificates for free (f.e. from Comodo or Certum). Just
>> have a look at Git-2.7.4, TortoiseGit-, or other open source
>> stuff: sha256 signed and sha265 timestamped.
> That's good to know, thanks! Though it seems that Certum is no longer
> free starting
> in 2016 (16 euro is still way less than any other provider), and I can't
> find any such
> offer from Comodo.

Oh well, it looks like seasons have changed - for the worse. If the 16¤
are a problem I'll happily donate them. May be that Comodo was a red
herring and Certum is the only viable option then.


Boost list run by bdawes at, gregod at, cpdaniel at, john at