When you’re using a non-standard repository it’s fairly common to find apt-get complaining about non-verifiable keys.
For example, when using mirror.ourdelta.org I was getting

W: GPG error: http://mirror.ourdelta.org etch Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 3EA4DFD8A29A9ED6
W: GPG error: http://archive.debian.org etch Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 9AA38DCD55BE302B NO_PUBKEY B5D0C804ADB11277
W: GPG error: http://archive.debian.org etch/updates Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 9AA38DCD55BE302B
W: GPG error: http://archive.debian.org etch/volatile Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY DFD993306D849617

If you are sure you trust the source, a solution is to use gpg to request the key, then export that into apt.

key=3EA4DFD8A29A9ED6
gpg --keyserver hkp://pgpkeys.mit.edu --recv-keys $key; \
gpg --armor --export $key | apt-key add -

[omit the \ and its linebreak]
then up-arrow to edit for the next key, etc
(I use a variable because it has to be run multiple times, so it speeds up the edits.)

If you are going to continue using the same shell, finish with

unset key
Advertisements