David Gluss - 2009-08-28

debcache will check the signature of each Release file, and complain unless it's OK.  The actual keys used for signing the Release files come from each target machine, when you create the control file for that machine, and sometimes they aren't up to date.  In that case, the Release file won't be used.  You can pass debcache the -gpgfailok flag, but that's pretty lame.  A better way is to get the right keys and put them into the local key list, either by updating your target machines and rerunning debcache, or by fetching the key directly from http://ftp-master.debian.org.  Once you have the key, do this:
% cd .debcachegpg
% gpg --homedir . --import the_key_I_downloaded
Then the problem should go away.