In most (if not all) installation instructions for Debian Third-Party repositories you will find a sentence like this:
wget -O - https://packages.example.com/example.key | apt-key add -
This allows the package maintainers key to sign ALL Debian packages, not only the packages from their repository. I’m not sure why this is still so common when a more secure alternative exists.