On Fri, May 13, 2016 at 12:40 PM, Michael Witten
On Fri, May 13, 2016 at 4:54 PM, Vladimir Prus
wrote: Hi Michael,
On Fri, May 13, 2016, 19:01 Michael Witten
wrote: On Fri, May 13, 2016 at 12:07 PM, Rene Rivera
wrote: Release 1.61.0 of the Boost C++ Libraries is now available.
No, it's not released yet.
It's not released until there are associated with the files immediately obvious digital signatures that can be verified with a well known personal public key (like that of Vladimir Prus).
Please, quit fscking around.
Thanks for your reminder! The signed hashes file will be available later, most likely next Tuesday. Sadly, if you require this file before using 1.61.0, you would have to wait.
That said, the definition a Boost release is made by release managers, it's not a universal law of physics. Presently, that definition does not include any digital signatures. The signatures I included with a couple of release candidates were an experiment to see how many people appear to care (the answer was one, Tom), and how complicated it is (the answer is that GPG is quite a mess, especially on Windows or if you do not want your master key on a random cloud server). No decison is made yet.
You are welcome to push on this and make concrete suggestions, but the impact will be directly proportional to how polite your messages are worded.
So, because only Tom explicitly responded, it must be the case that only Tom cared; it must be the case that only Tom will ever care.
Actually, Tom's emails are quite useful, because his own digital signature compounds the confirmation of your digital signature.
I have made many concrete suggestions and I have been very polite; it doesn't seem to do anything.
Your personal inability to find a convenient way to produce and present digital signatures is irrelevant; they are something that *must* be done in this day and age, and I cannot fathom why there is so much incredulity about that fact.
Perhaps, Tom would be willing to take on the task of constructing the files and/or composing the digital signatures, at least until some agreeable release recipe can be established for other maintainers to follow mindlessly.
For the record, the files containing the windows binaries have been hashed and signed. If you really need that, you could download one of them and extract the source from it as the entire source distribution is within them. Tom