I appreciate all your replies.
I read about signature verification of the zip file regarding manual installation.
I'd like to verify the whole Tor bundle AFTER an automatic update which I didn't trigger myself.
If there is an (automatic) signature verification process involved, it's transparent for the user and not acceptable in terms of security. We need feedback on this.
Think about a possible man-in-the-middle attack by a malicious exit-node redirecting your current tor browser to a 'modified' update / installation file (by spoofing the ips of torproject.org or the key server). In a talk Roger mentioned certain obsolete certificates being still implemented in the firefox browser engine. What if some 3-letter-agency was able to get or buy one? Your tor bundle could come with malware unnoticed. This attack scenario is bothering me since the beginning of tor.
More information about formatting options
Drupal Design and Maintenance by New Eon Media
Drupal Development by Chapter Three