Should you need to download packages from an unofficial repository, you need not disable gpg signature verification. Instead, you can import the key used to sign the packages into your local keyring.
Of course, you may not know which key to fetch. That’s usually fine: if the public portion of the key is not published explicitly, it is probably in a key repository. If you can find the email address of the repository owner, that’s probably the piece of information you need to retrieve the key.
$ gpg --keyserver subkeys.pgp.net --search-keys firstname.lastname@example.org
gpg: searching for "email@example.com" from hkp server subkeys.pgp.net
(1) Jason Boxman
      1024 bit DSA key 4BD9A338, created: 2002-12-06
Next, select the key that seems most appropriate. There may be only one, or one may mention “repository signing key” or something similar. When in doubt you can fetch all the keys. Then we must export the key in ASCII-armored form.
$ gpg -a --output /tmp/pub.asc --export 4BD9A338
Finally, let us tell apt about the key.
$ sudo apt-key add /tmp/pub.asc && rm /tmp/pub.asc
Only perform the above action if you really trust the key. (And I do mean the key, as it ultimately is what is granted trust, not whoever purports to be its owner.)
# apt-get update
And you are on your way again!
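One way to act on the "only if you really trust the key" advice above, as an added example that is not part of the original post: compare the key's full fingerprint with one the repository owner published over a separate channel, since an 8-digit ID like the one in the search result can be shared by unrelated keys. The function names, both key listings and `EXPECTED_FPR` are constructed for illustration; the commented real-use line assumes GnuPG 2.2 or later for `--show-keys` and a 40-digit (v4) fingerprint.

```shell
#!/bin/sh
# Added example (not from the original post): check the full fingerprint of an
# exported key against one obtained out of band before giving the key to apt.

# Print the fingerprint of the first primary key in `gpg --with-colons` output
# on stdin: the fpr record that follows a pub record, fingerprint in field 10.
primary_fpr() {
    awk -F: '$1 == "pub" { seen = 1; next }
             seen && $1 == "fpr" { print $10; exit }'
}

# Short key ID as shown in keyserver search results: the last 8 hex digits.
short_id() {
    primary_fpr | cut -c33-40
}

# Normalise a fingerprint as people write it: drop spaces, upper-case the hex.
normalise_fpr() {
    printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F'
}

# Succeed only if the listing on stdin carries exactly the expected 40-digit
# fingerprint. Anything shorter (a short or long key ID) is refused outright.
fpr_matches() {
    expected=$(normalise_fpr "$1")
    actual=$(primary_fpr)
    [ "${#expected}" -eq 40 ] && [ "$actual" = "$expected" ]
}

# Constructed listings, not real keys. Both end in the same short ID.
SAMPLE_LISTING='pub:-:1024:17:01234567DEADBEEF:1039132800:::-:::scESC:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF01234567DEADBEEF:
uid:-::::1039132800::::Constructed Repo Key <repo@example.invalid>:'

LOOKALIKE_LISTING='pub:-:1024:17:77778888DEADBEEF:1039132800:::-:::scESC:
fpr:::::::::11112222333344445555666677778888DEADBEEF:
uid:-::::1039132800::::Constructed Repo Key <repo@example.invalid>:'

# Real use, with EXPECTED_FPR taken from the repository owner's own page or
# another channel that does not depend on the keyserver:
#   gpg --show-keys --with-colons /tmp/pub.asc | fpr_matches "$EXPECTED_FPR" \
#       && sudo apt-key add /tmp/pub.asc
```

Both constructed listings report the same short ID, yet only the first passes the fingerprint check.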