<html><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><div><div>On Jan 2, 2011, at 5:33 PM, Matthew wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite"> <div text="#000000" bgcolor="#ffffff"> <font color="#000000"><font face="Helvetica, Arial, sans-serif">I did post this before in November but got no responses. Hopefully this wasn't because the question was so dumb. <br></font></font></div></blockquote><div><br></div>Not at all. If by "using the sources.list file" you mean using Apt, Aptitude, or Synaptic, then yes, verification is done automatically. You can read more about the process here: </div><div><a href="http://wiki.debian.org/SecureApt">http://wiki.debian.org/SecureApt</a></div><div><br></div><div>~Justin Aplin</div><div><br><blockquote type="cite"><div text="#000000" bgcolor="#ffffff"><font color="#000000"><font face="Helvetica, Arial, sans-serif"> <br> -------------<br> <br> My /etc/apt/sources.list contains:<br> <br> deb <a rel="nofollow" class="moz-txt-link-freetext" href="http://deb.torproject.org/torproject.org">http://deb.torproject.org/torproject.org</a> lucid main<br> <br> In the "authentication" section of my "software sources" I have a deb.torproject.org archive signing key dated 2009-09-04 with a value 886DDD89. <br> <br> I was looking at the page which explains how to verify signatures for downloads: <a rel="nofollow" class="moz-txt-link-freetext" href="https://www.torproject.org/docs/verifying-signatures.html.en">https://www.torproject.org/docs/verifying-signatures.html.en</a><br> <br> If one is not directly downloading but using the sources.list file is the "authentication" section adequate to verify the validity of the downloads?<br> <br> Thanks</font></font> </div> </blockquote></div><br></body></html>