Downloading Ubuntu source code gave a security warning:
# apt-get source gedit
Reading package lists... Done
Building dependency tree
Reading state information... Done
NOTICE: 'gedit' packaging is maintained in the 'Bzr' version control system at:
https://code.launchpad.net/~ubuntu-desktop/gedit/ubuntu
Please use:
bzr branch https://code.launchpad.net/~ubuntu-desktop/gedit/ubuntu
to retrieve the latest (possibly unreleased) updates to the package.
Need to get 3,116 kB of source archives.
Get:1 http://gb.archive.ubuntu.com/ubuntu/ vivid/main gedit 3.10.4-0ubuntu10 (dsc) [2,650 B]
Get:2 http://gb.archive.ubuntu.com/ubuntu/ vivid/main gedit 3.10.4-0ubuntu10 (tar) [3,086 kB]
Get:3 http://gb.archive.ubuntu.com/ubuntu/ vivid/main gedit 3.10.4-0ubuntu10 (diff) [26.7 kB]
Fetched 3,116 kB in 5s (611 kB/s)
gpgv: Signature made Sat 04 Apr 2015 22:31:17 BST using RSA key ID 778FA6F5
gpgv: Can't check signature: public key not found
dpkg-source: warning: failed to verify signature on ./gedit_3.10.4-0ubuntu10.dsc
It downloaded the code anyway. But why did it's key fail? And does the warning mean the downloaded files can't be trusted?
According to What's the official method for checking integrity of a source package? and How to get apt-get source verification working? you can try these:
sudo apt-get install debian-keyringgpg --keyserver keyring.debian.org --recv-keys 9F1B8B32