The current download page at
redirects the user to SourceForge for downloading sources and / or binary Boost distributions. SourceForge can no longer be trusted as a hosting platform, as you can for example see following this thread
where a user was tricked into downloading some arbitrary binary while downloading a Boost release. Unfortunately there does not seem to be a secure and convenient way to download Boost releases. Although Github's Boost "releases" can be found at
but those are only repository snapshots, from which you can not even build a Boost distribution. And whereas the Boost 1.60 rc1 announcement mail at least provides checksums
The official 1.60 release announcement mail does not
Correct me if I'm wrong, but there is no way for obtaining a Boost release and verifying its integrity and authenticity. The only option I'm seeing is recursively cloning all Boost repositories from Github and building a release by myself. Can we please change this situation? Here are some options that come to mind ordered by amount of effort: - Providing checksums - Educating users on the Downloads page - Signing releases with a trusted Release Team key - Changing the hosting platform Cheers, Daniel J H