From: Richard Peters [mailto:r.a.peters@student.tue.nl]

If some boost authority certifies the released packages, and users correctly verify that the certificate is issued by the boost authority, and the certificate is valid on the package, then certified executables can be trusted as well.

You are right, providing certificates is one thing. Whether or not to distribute executable self-extracting packages is different question. Regards, Stefan