Verification of Package Files When Using Sources.List.

Justin Aplin jmaplin at
Mon Jan 3 00:58:13 UTC 2011

On Jan 2, 2011, at 5:33 PM, Matthew wrote:

> I did post this before in November but got no responses.  Hopefully  
> this wasn't because the question was so dumb.

Not at all. If by "using the sources.list file" you mean using Apt,  
Aptitude, or Synaptic, then yes, verification is done automatically.  
You can read more about the process here:

~Justin Aplin

> -------------
> My /etc/apt/sources.list contains:
> deb lucid  main
> In the "authentication" section of my "software sources" I have a  
> archive signing key dated 2009-09-04 with a value  
> 886DDD89.
> I was looking at the page which explains how to verify signatures  
> for downloads:
> If one is not directly downloading but using the sources.list file  
> is the "authentication" section adequate to verify the validity of  
> the downloads?
> Thanks

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the tor-talk mailing list