A common security measure implemented by APT repository maintainers is to sign the packages they distribute. This ensures that the packages you are installing are the authorized and unmodified packages issued by the package maintainers an no one else. It can be a little confusing how to import the key into APT to install the new package in the first place. Here’s the easy way. I just had to installed the excellent web log analyzer GoAccesss so I will use it as an example.
