Last month I mentioned that we were generating a unique key for each Personal Package Archive.
Well, that’s complete meaning each PPA now has its own key that’s used to sign its packages. And if you create a new PPA, Launchpad will generate a new key for it within a couple of hours.
This means that you now need to add the PPA’s key to apt before you install any of its packages. It’s really easy: all you need to do is copy the PPA’s public key and import it using System->Administration->Software Sources and then the Authentication tab.
Here’s a screencast that takes you through the steps:
(Higher quality Ogg Theora version)
Of course, you can also do it in the terminal. There’s more on the PPA help page.
Note: the PPA keys help you see that the package hasn’t been altered since Launchpad built it on behalf of the PPA owner. It does not mean that Launchpad, Ubuntu or Canonical endorse the packages. You should ensure you trust the PPA owner before you install their software.