http://ftp-master.debian.org/ziyi_key_<i>year</i>.asc

Currently, this will be ziyi_key_2005.asc.

You can grab the file with wget:

wget http://ftp-master.debian.org/ziyi_key_2005.asc

And then import it into your gpg keyring:

gpg –import ziyi_key_2005.asc

It’ll print the id of the key it imports for 2005, the ID will be 4F368D5D, and you should use that to check the key fingerprint. For the 2005 key, run:

gpg –fingerprint 4F368D5D

And you should see:

pub 1024D/4F368D5D 2005-01-31 Debian Archive Automatic Signing Key 2005 <ftpmaster@debian.org>
Key fingerprint = 4C7A 8E5E 9454 FE3F AE1E 78AD F1D5 3D8C 4F36 8D5D

You’ll need to find the fingerprints for newer keys elsewhere.

Once you’re sure this is the right key, you can tell apt to accept the key by issuing the command:

gpg –armor –export 4F368D5D | sudo apt-key add -

Mixing Ubuntu and Debian – Moonbase

WARNING: The following packages cannot be authenticated!

Googling with the warning text as a keyword turned out (Debian style!) simple solution:

apt-get install debian-archive-keyring
apt-get update

Nice to know that this is becouse Debian offers another level of safety in installing packages.

Little bit more about this topic is avilable at the origin of the above solution:
How to solve “The following packages cannot be authenticated” – The Changelog