Yep, but it's not just the official source, it's also the guy's computer who uploads the source to the PPA.
Just something to keep in mind when adding a PPA: you're tying your machine's integrity to the integrity of the PPA and its keyholder(s), and this trust is tested each time you update your packages.
