I use apt-get from the command line and I get the following doing an update:

....
Get: 9 http://us.archive.ubuntu.com dapper-updates/main Sources [4268B]
Hit http://us.archive.ubuntu.com dapper-updates/restricted Sources
Fetched 58.5kB in 2s (23.7kB/s)
Reading package lists... Done
W: GPG error: http://security.ubuntu.com dapper-security Release: The following signatures were invalid: BADSIG 40976EAF437D05B5 Ubuntu Archive Automatic Signing Key <ftpmaster@ubuntu.com>
W: GPG error: http://us.archive.ubuntu.com dapper-updates Release: The following signatures were invalid: BADSIG 40976EAF437D05B5 Ubuntu Archive Automatic Signing Key <ftpmaster@ubuntu.com>
W: You may want to run apt-get update to correct these problems

Of course, the update doesn't fix this issue. I'm confused as to how to get the keys. I've seen one repo where someone just d/l a key then used apt to update the key file and I've seen another set of directions going to a pgp site using gpg to try to get the key.

I tried the 2nd set but I'm behind a proxy server and I *think* that's stopping me from getting the keys:

$ gpg --keyserver subkeys.pgp.net --recv KEY

What's the right way to go about this?

Thanks,

Beemer