Subject: Re: [boost] Boost 1.61.0 has been released
From: Michael Witten (mfwitten_at_[hidden])
Date: 2016-05-13 13:40:35
On Fri, May 13, 2016 at 4:54 PM, Vladimir Prus <vladimir.prus_at_[hidden]> wrote:
> Hi Michael,
> On Fri, May 13, 2016, 19:01 Michael Witten <mfwitten_at_[hidden]> wrote:
>> On Fri, May 13, 2016 at 12:07 PM, Rene Rivera <grafikrobot_at_[hidden]>
>> > Release 1.61.0 of the Boost C++ Libraries is now available.
>> No, it's not released yet.
>> It's not released until there are associated with the files
>> immediately obvious digital signatures that can be verified with a
>> well known personal public key (like that of Vladimir Prus).
>> Please, quit fscking around.
> Thanks for your reminder! The signed hashes file will be available later,
> most likely next Tuesday. Sadly, if you require this file before using
> 1.61.0, you would have to wait.
> That said, the definition a Boost release is made by release managers, it's
> not a universal law of physics. Presently, that definition does not include
> any digital signatures. The signatures I included with a couple of release
> candidates were an experiment to see how many people appear to care (the
> answer was one, Tom), and how complicated it is (the answer is that GPG is
> quite a mess, especially on Windows or if you do not want your master key on
> a random cloud server). No decison is made yet.
> You are welcome to push on this and make concrete suggestions, but the
> impact will be directly proportional to how polite your messages are worded.
So, because only Tom explicitly responded, it must be the case that
only Tom cared; it must be the case that only Tom will ever care.
Actually, Tom's emails are quite useful, because his own digital signature
compounds the confirmation of your digital signature.
I have made many concrete suggestions and I have been very polite;
it doesn't seem to do anything.
Your personal inability to find a convenient way to produce and present
digital signatures is irrelevant; they are something that *must* be done
in this day and age, and I cannot fathom why there is so much incredulity
about that fact.
Perhaps, Tom would be willing to take on the task of constructing the
files and/or composing the digital signatures, at least until some agreeable
release recipe can be established for other maintainers to follow mindlessly.
Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk