Hiho, our recent debmirror runs warned about failing gpg checks. Turns out that the squeeze pkg list is signed twice, based on both 473041FA and B98321F9. We still lacked the latter. While I was able to retrieve it from sks-keyservers.net, it is missing from keyring.debian.org. You might want to add it there, too. rgds, Martin