apt warnings about missing gpg keys


bluesdog
11-23-2006, 02:08 AM
If you receive a warning about missing key during an upgrade, try this solution:

# apt-get install debian-archive-keyring/unstable

Note this works only if you have unstable in your /etc/apt/sources.list

danieldk
11-23-2006, 04:24 AM
While comfortable, this is an inappropriate and insecure way to deal with this. Suppose that the new signing key was used by an attacker who also replaced the debian-archive-keyring package; this could potentially break the security of the system. The proper way to handle this is to retrieve the new key from a PGP keyserver, and check if it is signed by people who you trust. If so, you can import the key with apt-key.

Remember: always check a new PGP/GPG key by looking at who signed it (and checking who signed the keys of the signers). The web of trust is the only way to establish the authenticity of a key.
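
As an added example that is not part of this thread: a small Python check implementing the rule above, approving a key only once its fingerprint matches a value obtained out of band and it carries a signature from a key you already trust. It parses the machine-readable output of `gpg --with-colons --list-sigs KEYID`; the listing, key IDs and fingerprint below are constructed sample values, not real Debian keys.

```python
"""Vet a new archive-signing key before handing it to apt-key.

Parses the colon-separated output of ``gpg --with-colons --list-sigs KEYID``
and approves the key only if (a) its fingerprint matches the value obtained
out of band and (b) it carries at least one signature from a key already
trusted. The listing below is constructed sample data, not real Debian keys.
"""
from typing import Dict, List, Set, Tuple

# Constructed sample of `gpg --with-colons --list-sigs` output.
SAMPLE_LISTING = """\
pub:-:4096:1:AAAABBBBCCCCDDDD:1162857600:::-:::scSC:
fpr:::::::::FFFF0000111122223333444455556666AAAABBBBCCCCDDDD:
uid:-::::1162857600::0000::Example Archive Signing Key <ftpmaster@example.org>:
sig:::1:AAAABBBBCCCCDDDD:1162857600::::Example Archive Signing Key <ftpmaster@example.org>:13x:
sig:::1:0123456789ABCDEF:1162900000::::Trusted Developer <dev@example.org>:10x:
"""


def parse_listing(text: str) -> Dict[str, object]:
    """Extract the primary key ID, its fingerprint and all signer key IDs."""
    info: Dict[str, object] = {"keyid": None, "fpr": None, "signers": []}
    for line in text.splitlines():
        fields = line.split(":")
        rtype = fields[0]
        if rtype == "pub" and info["keyid"] is None:
            info["keyid"] = fields[4]          # field 5: long key ID
        elif rtype == "fpr" and info["fpr"] is None:
            info["fpr"] = fields[9]            # field 10: full fingerprint
        elif rtype == "sig":
            info["signers"].append(fields[4])  # field 5: signing key ID
    return info


def key_is_trustworthy(listing: str, expected_fpr: str,
                       trusted_signers: Set[str]) -> Tuple[bool, List[str]]:
    """Apply both checks; return (verdict, reasons for refusal)."""
    info = parse_listing(listing)
    reasons: List[str] = []
    wanted = expected_fpr.replace(" ", "").upper()
    if info["fpr"] is None or str(info["fpr"]).upper() != wanted:
        reasons.append("fingerprint does not match the expected value")
    # A self-signature says nothing about who controls the key; ignore it.
    external = {s for s in info["signers"] if s != info["keyid"]}
    if not external & {s.upper() for s in trusted_signers}:
        reasons.append("no signature from a key in the trusted set")
    return (not reasons, reasons)
```

Only when the check passes would the key be exported and piped to `apt-key add -`; a refusal lists which of the two conditions failed.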

bluesdog
11-23-2006, 01:25 PM
Whoa, really? I got this information from what I thought to be a fairly reliable source: Debian Administration Org (http://www.debian-administration.org/users/dkg/weblog/11#comment_3)

The whole point of using secure apt is that you know that the archive you are installing from is signed by a key you trust. If you blindly import keys from a keyserver and push them into apt-key, why bother with secure apt at all?

However, point well taken, which is why one can also install the GUI key manager, gui-apt-key, which provides a quick, simple way of checking the signer and signing authority, for the non-geeky :)

Unless, of course, someone hacked that package!!