would be nice: import from archive

Paul Rubin http
Sat Aug 28 04:21:29 EDT 2004

Paul Rubin <http://phr.cx@NOSPAM.invalid> writes:
> > Side question, does module zipfile already have the code to allow
> > reading such signed files?  
> I think jar files are just zip files containing an extra file (called
> "manifest") that has signatures in it.  So you can import from a jar
> as if it were a zip.

But to add to that, if module zipfile is going to eventually expect
jar files to be signed, the first patch needed is that if it doesn't
have code to actually check the signatures, it should refuse to load
jar files.

I guess I better check into what Java does about this.  It's been a
while since I've used Java, but I seem to remember that signing is not

More information about the Python-list mailing list