I know about the --no-checksig option, and I've done apt install rpmkey-* but there are still unsigned packages turning up. Is there another source for these packages that have been signed? Is there a way to locate the package maintainer to ask that they sign the package? Could signing be added to the script that creates the packages? Get:1 ftp://ftp.gwdg.de SuSE/9.0-i386/suse-projects libapr0 2.0.53-6 [629kB] Fetched 629kB in 5s (114kB/s) Checking GPG signatures... Unknown signature /var/cache/apt/archives/libapr0_2.0.53-6_i586.rpm: md5 (GPG) NOT OK (MISSING KEYS: GPG#efb694ea) E: Error(s) while checking package signatures: 0 unsigned package(s) 1 package(s) with unknown signatures 0 package(s) with illegal/corrupted signatures -- Collector of vintage computers http://www.ncf.ca/~ba600 Machines to trade http://www.ncf.ca/~ba600/trade.html Open Source Weekend http://www.osw.ca