[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Verification of Package Files When Using Sources.List.

On Jan 2, 2011, at 5:33 PM, Matthew wrote:

I did post this before in November but got no responses.  Hopefully this wasn't because the question was so dumb.

Not at all. If by "using the sources.list file" you mean using Apt, Aptitude, or Synaptic, then yes, verification is done automatically. You can read more about the process here: 

~Justin Aplin


My /etc/apt/sources.list contains:

deb http://deb.torproject.org/torproject.org lucid  main

In the "authentication" section of my "software sources" I have a deb.torproject.org archive signing key dated 2009-09-04 with a value 886DDD89. 

I was looking at the page which explains how to verify signatures for downloads: https://www.torproject.org/docs/verifying-signatures.html.en

If one is not directly downloading but using the sources.list file is the "authentication" section adequate to verify the validity of the downloads?