On Fri, 6 Oct 2000, Hubert Feyrer wrote:

: Is the ZIP encyption trustworthy enough? maybe we could implement some pkg
: signing that way?

Zip "encryption" is nothing more than a fairly simplistic password cipher.

What you're probably picturing is the signature handling used by things like
Java JAR file signatures (which are really just extra zip file entries at
the beginning of the zipfile, with names like META-INF/SIGNKEY.RSA, etc.).

-- 
-- Todd Vierling <tv@wasabisystems.com>  *  http://www.wasabisystems.com/
-- Speed, stability, security, and support.  Wasabi NetBSD:  Run with it.