I added a new source to my /etc/apt/sources.list file and got this message from
W: GPG error: http://raspberrypi.collabora.com wheezy Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY ED4BF9140C50B1C5
Clearly, I needed to import that GPG key into apt. Here's how that is done:
sudo gpg --keyserver hkp://subkeys.pgp.net --recv-keys ED4BF9140C50B1C5 sudo gpg --export --armor ED4BF9140C50B1C5 | sudo apt-key add -
YMMV, so replace the hex id of the key with the one that your system is complaining about.