[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Verification of Package Files When Using Sources.List.



I did post this before in November but got no responses.  Hopefully this wasn't because the question was so dumb.

-------------

My /etc/apt/sources.list contains:

deb http://deb.torproject.org/torproject.org lucid  main

In the "authentication" section of my "software sources" I have a deb.torproject.org archive signing key dated 2009-09-04 with a value 886DDD89. 

I was looking at the page which explains how to verify signatures for downloads: https://www.torproject.org/docs/verifying-signatures.html.en

If one is not directly downloading but using the sources.list file is the "authentication" section adequate to verify the validity of the downloads?

Thanks