On Tue, May 17, 2016 at 5:16 AM, Vladimir Prus <vladimir.prus@gmail.com> wrote:

On 13/05/2016 15:07, Rene Rivera wrote:

Release 1.61.0 of the Boost C++ Libraries is now available.

For details, including download links, see http://www.boost.org/users/news/version_1.61.0

You can also download directly from SourceForge: http://sourceforge.net/projects/boost/files/boost/1.61.0/

You can optionally verify integrity of the source downloads using the attached signed checksums file.

First, verify your downloads have the right checksums, by putting the file alongside the
downloads, and running:

$ sha256sum -c boost_1_61_0.sums.asc

This should produce "OK" message for each source archive you have available.

This step fails, in the boost_1_61_0.sums.asc file the file names have boost_1_61.0.* instead of boost_1_61_0.* (note the . replacing an _ ). Manually verifying the checksums

Second, verify that the checksums file itself was not modified:

$ gpg --keyserver pgp.mit.edu --recv DA472E8659753BA4
$ gpg --verify boost_1_61_0.sums.asc

If everything is good, this should say "Good Signature" and also report these
key fingerprints:

Primary key fingerprint: C5F0 F367 AA66 616F B839 806E DA47 2E86 5975 3BA4
Subkey fingerprint: 7805 7A0D 045A 2DC5 5453 BD81 0F1A 3ECD 4EAC 2316

You might want to trust they key for future use if fingerprints match.

I get a good verification on the file.

Tom