<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="content-type" content="text/html;
charset=ISO-8859-1">
</head>
<body text="#000000" bgcolor="#ffffff">
<font face="Helvetica, Arial, sans-serif">Hello!<br>
<br>
My /etc/apt/sources.list contains:<br>
<br>
deb <a class="moz-txt-link-freetext"
href="http://deb.torproject.org/torproject.org">http://deb.torproject.org/torproject.org</a>
karmic main<br>
<br>
In the "authentication" section of my "software sources" I have a
deb.torproject.org archive signing key dated 2009-09-04 with a
value 886DDD89. <br>
<br>
I was looking at the page which explains how to verify signatures
for downloads: <a class="moz-txt-link-freetext"
href="https://www.torproject.org/docs/verifying-signatures.html.en">https://www.torproject.org/docs/verifying-signatures.html.en</a><br>
<br>
If one is not directly downloading but using the sources.list file
is the "authentication" section adequate to verify the validity of
the downloads?<br>
<br>
Thanks<br>
</font> <br>
</body>
</html>