<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
</head>
<body text="#000000" bgcolor="#ffffff">
<font color="#000000"><font face="Helvetica, Arial, sans-serif">I
did post this before in November but got no responses.
Hopefully this wasn't because the question was so dumb. <br>
<br>
-------------<br>
<br>
My /etc/apt/sources.list contains:<br>
<br>
deb <a rel="nofollow" class="moz-txt-link-freetext"
href="http://deb.torproject.org/torproject.org">http://deb.torproject.org/torproject.org</a>
lucid main<br>
<br>
In the "authentication" section of my "software sources" I have
a deb.torproject.org archive signing key dated 2009-09-04 with a
value 886DDD89. <br>
<br>
I was looking at the page which explains how to verify
signatures for downloads: <a rel="nofollow"
class="moz-txt-link-freetext"
href="https://www.torproject.org/docs/verifying-signatures.html.en">https://www.torproject.org/docs/verifying-signatures.html.en</a><br>
<br>
If one is not directly downloading but using the sources.list
file is the "authentication" section adequate to verify the
validity of the downloads?<br>
<br>
Thanks</font></font>
</body>
</html>