I don't think that apt should automatically install any gpg keys, others have shown the same reservation.
Agreed - if you're connecting to an untrusted mirror, it'd be too easy to forge a key and sign malicious packages.
I don't have a problem with yum installing the latest kernel as it does not make the new kernel the default in the bootloader and does not remove the old kernel, either. As far as making apt install kernels by default, I can't say I recommend it do it either way (so leave it be?).
In cases where I've run it interactively, it *has* set the new kernel as default.
-- Rick Johnson, RHCE #807302311706007 - rjohnson@xxxxxxxxxx Linux/Network Administrator - Medata, Inc. PGP Public Key: https://mail.medata.com/pgp/rjohnson.asc
