Security issues:
****************

ZIP -AV
-------

The ZIP archive you just opened contained an -AV envelope.

Authentic files Verified!   # OBD305
MetroNET BBS

If the archive fails the authentication test, please do NOT use
it and inform support@avp.ch immediately. 
This archive my only be obtained from Metropolitan Network BBSs
Web/FTP servers or BBS.
An additional level of security is provided through PGP 
digital signature (see below).


PGP digital signature
---------------------

To check the authenticity of the files UPDATE.EXE, you need
PGP, Pretty Good privacy. This file however is not a tutorial on how to
use PGP, it is assumed you know how to use it.

The files with an ".ASC" extension contain a detached digital signature.

To get the necessary PGP public, send an empty mail to: pgp@metro.ch -
within a minute or so, you will receive the necessary PGP public key you
have to add to your public key ring.

Check the integrity of UPDATE.EXE like this:

PGP 2.6x:

pgp update.asc update.exe

PGP will output a message like this:

[...]
Good signature from user "Gerard Vuille <gerard.vuille@metro.ch>".
[...]

If you get a "bad signature" message, you are either using a
wrong public key from us, or the file has been tampered with.
Should the latter be the case, contact us immediately (support@avp.ch) and
don't run the archive.


PGP 5.0:
From Windows Explorer, right click on the signature file "UPDATE.ASC",
select PGP, then Decrypt/Verify. Select signed file "UPDATE.EXE" and you
should get the message "Good signature..." like above.




