Checking the source: debian images

diff --git a/checking.md b/checking.md
index f0a71a88ec0196225f679a193e00b8f609fa22e4..f99fa1df03f0524640335250453328c72f98de9b 100644 (file)
--- a/checking.md
+++ b/checking.md
@@ -1,11 +1,20 @@
 Checking the source
 ===================
 
+Debian Images
+-------------
+
+See [Verifying authenticity of Debian CDs](https://www.debian.org/CD/verify).
+
+Source packages
+---------------
+
 This is the trick part. In theory, you could run just
 
     dscverify *.dsc
 
-Which would check if the signature was made for a key included in the `debian-keyring` package.
+Which would check if the signature was made for a key included in the `debian-keyring` package or if you
+have a verification path with the signing key.
 
 In practice, it should always work for sources you download from the **same** Debian version you're running.
 But sources you download from newer versions might not work, depending basically if the maintainer's key is
@@ -116,4 +125,3 @@ See also:
 * [Debian Public Key Server](http://keyring.debian.org/).
 * [apt get - How to get apt-get source verification working? - Super User](https://superuser.com/questions/626810/how-to-get-apt-get-source-verification-working).
 * [Debian. How can I securely get debian-archive-keyring, so that I can do an apt-get update? NO_PUBKEY - Server Fault](http://serverfault.com/questions/337278/debian-how-can-i-securely-get-debian-archive-keyring-so-that-i-can-do-an-apt-g/337283#337283).
-