Recently the GPG signatures on one of the upstream repositories expired before it could be renewed. A fix should have propagated to all mirrors by now, and may require action on your part to correct.
For unknown reasons, the correct solution appears to vary somewhat by user, so multiple methods are given here that have proved to be successful:
1. Using Synaptic:
a. Reload source lists. You may receive an error message.
b. Mark all upgrades and apply.
c. When system pauses and asks whether to accept maintainers configuration changes, click accept.
2. Using the apt-notifier icon (screenshots):
- In the apt-notifier's View and Upgrade screen untick the 'Use apt-get --yes ...' checkbox.
- In the terminal screen that comes up after that, answer "Y" when it asks about installing the antix-archive-keyring package without verification.
- Further on in the upgrade answer "Y" to have it install the package maintainer's version of the config file (/etc/apt/trusted.gpg.d/antix-archive-keyring.gpg).
- The next time you have updates you can re-enable the 'Use apt-get --yes ...' checkbox.
3. Using the command line. In a root terminal copy and paste this command:
apt-get update && apt-get install antix-archive-keyring
Choose Yes when prompted.
4. If unable to solve with 1-3: in a terminal as a regular user, select all, copy and paste this command:
for K in $(apt-key list | grep expired | cut -d'/' -f2 | cut -d' ' -f1); do sudo apt-key adv --recv-keys --keyserver keys.gnupg.net $K; done
Then repeat option 3.
5. A final option is to directly download the keyring, then click on it to use gdebi for installation.