The following signatures were invalid: BADSIG 40976EAF437D05B5 Ubuntu Archive Automatic Signing Key
Strange. And it was no good retrying, the same error occurred over and over again. apt-get stopped complaining after running update with this option:
apt-get update -o Acquire::http::No-Cache=True
apt-get update -o Acquire::BrokenProxy=true
I suspect my company's Barracuda Spam & Virus Firewall is to blame, as it has been blamed for arbitrarily corrupting downloads before by my co-workers. How can I know for certain?