Tor 0.2.2.19-alpha is out

[Andrew Lewman]

On Tue, 30 Nov 2010 16:25:25 +0000
Matthew <pumpkin at cotse.net> wrote:
> In System / Administration / Software Sources / Authentication there
> is an deb.torproject.org archive signing key dated 2009-09-04 with
> the value 886DDD89.

This is correct.

> Am I correct to think that this key sufficient to verify updates when
> using sources.list. 

This is correct.

> Also, who exactly owns 886DDD89?  Is it a specific person or for 
> torproject.org as a whole?

If you gpg --list-sigs 0x886DDD89  You can see who signed the key.  It
is a role key that the packagers use to sign the builds, rather than
using their own personal keys.  It is up to you if you trust the key
and those who signed it implying validity.

-- 
Andrew
pgp 0x74ED336B
***********************************************************************
To unsubscribe, send an e-mail to majordomo at torproject.org with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/