You need to trust that key by signing it, probably. But before you do that, would you test if adding "--trust-model always" to the relevant $GPG invocation suppresses that message? And if it does, mailing list: do we want to add this?