Subject: Re: [boost] Providing means to verify integrity and authenticity for releases
From: paul Fultz (pfultz2_at_[hidden])
Date: 2016-03-14 10:16:46

• Next message: Rob Stewart: "Re: [boost] [Root Pointer] Benchmark"
• Previous message: Glen Fernandes: "Re: [boost] [Root Pointer] Benchmark"
• In reply to: Daniel Hofmann: "[boost] Providing means to verify integrity and authenticity for releases"
• Next in thread: Tom Kent: "Re: [boost] Providing means to verify integrity and authenticity for releases"

> On Monday, March 14, 2016 5:15 AM, Daniel Hofmann <daniel_at_[hidden]> wrote:
> > The current download page at
>
>> http://www.boost.org/users/download/
>
> redirects the user to SourceForge for downloading sources and / or
> binary Boost distributions. SourceForge can no longer be trusted as a
> hosting platform, as you can for example see following this thread
>
>> http://listarchives.boost.org/boost-users/2016/02/85662.php
>
> where a user was tricked into downloading some arbitrary binary while
> downloading a Boost release.
>
>
> Unfortunately there does not seem to be a secure and convenient way to

> download Boost releases.>
>
> Although Github's Boost "releases" can be found at
>
>> https://github.com/boostorg/boost/releases
>
> but those are only repository snapshots, from which you can not even

> build a Boost distribution.

Ideally, all boost libraries should be installable directly from their github repo like Boost.Hana. However, there is cycles everywhere you turn right now in Boost.

• Next message: Rob Stewart: "Re: [boost] [Root Pointer] Benchmark"
• Previous message: Glen Fernandes: "Re: [boost] [Root Pointer] Benchmark"
• In reply to: Daniel Hofmann: "[boost] Providing means to verify integrity and authenticity for releases"
• Next in thread: Tom Kent: "Re: [boost] Providing means to verify integrity and authenticity for releases"