Nowadays, apt has built-in support for GPG verification of package signature. It was silently doing its business of verifying the integrity of Debian packages until a couple of days ago when an ‘apt-get update’ yielded the following error :

W: GPG error: http://ftp2.fr.debian.org testing Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 010908312D230C5F
W: GPG error: http://ftp2.fr.debian.org unstable Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 010908312D230C5F
W: You may want to run apt-get update to correct these problems

Apt is complaining about a package signed with a key it does not know about. We need to import it into the GPG keyring and then tell apt about it. So let’s issue the two following commands as root :

# gpg --keyserver wwwkeys.eu.pgp.net --recv-keys 010908312D230C5F
# gpg --armor --export 2D230C5F | apt-key add -

And that’s it… We’re now back to our regularly scheduled programming…