I encountered this issue yesterday upon attempting a long overdue upgrade (I have been offline for over a month). I managed to resolve it by following the steps below. Posting here for information in case anyone else encounters this, and to solicit feedback if a better solution is possible.

Symptom: 
# pacman -Syu
 error: obcore: signature from "Eric Vidal (Obarun Key) <eric@ obarun.org>" is unknown trust
 error: obextra: signature from "Eric Vidal (Obarun Key) <eric@ obarun.org>" is unknown trust
:: Synchronising package databases...
 ...
 error: failed...
Suspected cause: obarun-keyring and archlinux-keyring packages are out of sync. Problem is I cannot now upgrade these packages.

Solution: temporarily elevate the trust privilege on the gnupg key for Eric Vidal, following the steps below:

1. First, as a precaution, confirm the value of the key for Eric in the pacman db: 
# pacman-key --finger "Eric Vidal"
pub   rsa2048 2018-08-31 [SC]
      1E38 9882 EFEA BB1A E772  3A01 4B91 00E6 7907 5EDF
uid           [  unknown  ] Eric Vidal <eric@ obarun.org>
sub   rsa2048 2018-08-31 [E]
The hexadecimal fingerprint must be exactly as shown. The cause of the pacman failure is indicated by the trust status being '[ unknown ]'.

2. Override the trust level for this key: 
# pacman-key --edit-key "Eric Vidal"
At the 'gpg>' prompt, type "trust", to be presented with a menu like: 
Please decide how far you trust this user to correctly verify other users' keys
(by looking at passports, checking fingerprints from different sources, etc.)

  1 = I don't know or won't say
  2 = I do NOT trust
  3 = I trust marginally
  4 = I trust fully
  5 = I trust ultimately
  m = back to the main menu
Select '4', indicating 'I trust fully'. Exit by typing "quit".

3. Now, upgrade the obarun-keyring and archlinux-keyring packages: 
# pacman -Sy obarun-keyring archlinux-keyring
4. Revert the trust level of the "Eric Vidal" key: 
# pacman-key --edit-key "Eric Vidal"
At the 'gpg>' prompt enter "trust", select option 1 ('I don't know or won't say'), then "quit".

5. Complete the pacman upgrade: 
# pacman -Syu
@ bbsg,

I did something very similar, but prefer your method of trusting the old signature.

I disabled the checks for pacman by changing SigLevel for Obarun repositories, update obarun-keyring and archlinux-keyring, then re-enabling SigLevel. Accomplished the same thing but your solution avoids someone forgetting to update pacman.conf and being p0wned later. Much more elegant.

Thank you for sharing!
Thanks for sharing this solution like said techore it's much more elegant.

Powered by Obarun