I followed the instructions from here, and I got the following output:
$ sudo apt-get install syncthing
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
syncthing
0 upgraded, 1 newly installed, 0 to remove and 2 not upgraded.
Need to get 2.935 kB of archives.
After this operation, 0 B of additional disk space will be used.
WARNING: The following packages cannot be authenticated!
syncthing
Install these packages without verification [y/N]?
What package does it actually try to install (version, architecture)? It looks to me like things are set up correctly, the packages are signed, and
jb@syno:~ $ curl -s https://syncthing.net/release-key.txt | gpg -v
gpg: armor header: Version: GnuPG v1
pub 2048R/D26E6ED000654A3E 2014-12-29 Syncthing Release Management <release@syncthing.net>
sig D26E6ED000654A3E 2014-12-29 [selfsig]
sig 49F5AEC0BCE524C7 2014-12-29 Jakob Borg (calmh) <jakob@nym.se>
sub 2048R/681C3CFCF614F575 2014-12-29
sig D26E6ED000654A3E 2014-12-29 [keybind]
sub 4096R/2B9FAE4C37C86D31 2015-05-11 [expires: 2025-05-08]
sig D26E6ED000654A3E 2015-05-11 [keybind]
(that last key is the one that signs the packages) It looks like the same key is on the key servers, although your import command stalls for me for whatever reason.