10 Jun
2015
10 Jun
'15
4:15 p.m.
Le 10/06/15 16:59, Andrey Semashev a écrit :
I agree that the situation is worrying, especially since we distribute binary installers as well and don't seem to publish SHA/MD5 of the installers on www.boost.org. Basically, we trust that SourceForge won't be hacked or won't do anything mischievous, like it did with these other projects.
However, what are the alternatives?
What about storing release packages on Github directly? On boost.test, there is apparently these tarballs automatically created: https://github.com/boostorg/test/releases but it is possible to push any package there: https://github.com/MPI-IS/Grassmann-Averages-PCA/releases Best, Raffi