I can verify signatures on Tor source packages, using key fingerprint given out of band. How do I do that for https://www.torproject.org/docs/debian "Building from source" (BTW, amd64 deps are missing quilt)? These would be weasel's signature, not Roger's, right? Thanks.