I did post this before in November but got no responses. Hopefully this
wasn't because the question was so dumb.
-------------
My /etc/apt/sources.list contains:
deb http://deb.torproject.org/torproject.org lucid main
In the "authentication" section of my "software sources" I have a
deb.torproject.org archive signing key dated 2009-09-04 with a value 886DDD89.
I was looking at the page which explains how to verify signatures for
downloads: https://www.torproject.org/docs/verifying-signatures.html.en
If one is not directly downloading but using the sources.list file is the
"authentication" section adequate to verify the validity of the downloads?
Thanks
