It is somewhat laughable, but you can get the key from the repo itself in the most cases.
It may not just be safe or even advisable to do a dist-upgrade but gypping a package or two should not cause problems??
Problem here is, it may work for the two packages you installed now, but if you only install them and then disable the added repository, where will you get your security updates from? And if you leave it enabled, may be the change dependencies in the future without you noticing it, and that can definitely break your system.
Simple advice: At first, search for repos that are approved to work with your distro. If you can't find the program you need, you have two options:
1. Package the program yourself. Others may benefit from that also, don't forget the community spirit.
2. Use a repo from a different distro, but do that only if you really know what you are doing.
3. Simply compile from source, but be aware that your package-manager will have no knowledge of programs installed that way.