[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Tor is out

I notice that was downloaded today by the Synaptic Update Manager.  Thanks for creating it. 

I have a question about the procedure for verifying signatures. 

My sources.list file contains: deb http://deb.torproject.org/torproject.org lucid main

System / Administration / Software Sources / Other Software also lists http://deb.torproject.org/torproject.org lucid main

In System / Administration / Software Sources / Authentication there is an deb.torproject.org archive signing key dated 2009-09-04 with the value 886DDD89.  

Am I correct to think that this key sufficient to verify updates when using sources.list.  My impression is that the page https://www.torproject.org/docs/verifying-signatures.html.en refers to verifying files that have been manually downloaded (rather than through Update Manager).

Also, who exactly owns
886DDD89?  Is it a specific person or for torproject.org as a whole?


On 28/11/10 21:55, andrew@xxxxxxxxxxxxxx wrote:
On Sun, Nov 28, 2010 at 08:56:13PM +0000, pumpkin@xxxxxxxxx wrote 5.4K bytes in 125 lines about:
: I am curious how to get in the preferred way when using
: Ubuntu.  Thanks!

You are doing it correctly.  Packages for ubuntu/debian for
aren't created yet.  We announce the source release before the binary
packages we create are available.  It's generally a few days from source
release to binary package availability.  The exception here is OS X PPC,
which lacks a build machine right now.