I have two updates waiting for me :
I get this message :
==> Validating source files with sha512sums...
llvm-6.0.0.src.tar.xz ... Passed
llvm-6.0.0.src.tar.xz.sig ... Skipped
libcxx-6.0.0.src.tar.xz ... Passed
libcxx-6.0.0.src.tar.xz.sig ... Skipped
libcxxabi-6.0.0.src.tar.xz ... Passed
libcxxabi-6.0.0.src.tar.xz.sig ... Skipped
==> Verifying source file signatures with gpg...
llvm-6.0.0.src.tar.xz ... FAILED (unknown public key 0FC3042E345AD05D)
libcxx-6.0.0.src.tar.xz ... FAILED (unknown public key 0FC3042E345AD05D)
libcxxabi-6.0.0.src.tar.xz ... FAILED (unknown public key 0FC3042E345AD05D)
==> ERROR: One or more PGP signatures could not be verified!
Is it safe to import these keys? And what is the correct way to find out about this kind of thing? I don't really need much on my computer, mainly programs for art and modeling but I'm always a bit weary of AUR.