Verification of Package Files When Using Sources.List.
Justin Aplin
jmaplin at ufl.edu
Mon Jan 3 00:58:13 UTC 2011
On Jan 2, 2011, at 5:33 PM, Matthew wrote:
> I did post this before in November but got no responses. Hopefully
> this wasn't because the question was so dumb.
Not at all. If by "using the sources.list file" you mean using Apt,
Aptitude, or Synaptic, then yes, verification is done automatically.
You can read more about the process here:
http://wiki.debian.org/SecureApt
~Justin Aplin
>
> -------------
>
> My /etc/apt/sources.list contains:
>
> deb http://deb.torproject.org/torproject.org lucid main
>
> In the "authentication" section of my "software sources" I have a
> deb.torproject.org archive signing key dated 2009-09-04 with a value
> 886DDD89.
>
> I was looking at the page which explains how to verify signatures
> for downloads: https://www.torproject.org/docs/verifying-signatures.html.en
>
> If one is not directly downloading but using the sources.list file
> is the "authentication" section adequate to verify the validity of
> the downloads?
>
> Thanks
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20110102/b08c4859/attachment.htm>
More information about the tor-talk
mailing list