Debian apt repositories use digital keys to sign packages. See http://wiki.debian.org/SecureApt for nasty details, but you may find yourself downloading a software (ie. emacs-snapshot) from semi-official site and you may want to add that repository to sources.list. In that case, a good idea is also to add the distributor's key to apt. Quick guide follows (run as root):

1. See what keys you already trust:

apt-key list

2. Download the key you want to add (keys are stored in files similar to SSL certificates).

3. Add the key to apt:

apt-key add /path/to/downloaded/key_file.pgp

4. Check that the key is now added -- see ad 1.

Of course, you should do this only with keys that you trust, but that is another story.