Hi,
Signed linux kernel images tend to become the default as package linux-latest is updated when linux-signed is updated.
The problem is that when there are security fixes like the ones for kernel 4.8.x the unsigned images are pushed well before signed images, putting most of the users (w/ default config) at security risk.
So could you please publish both signed and unsigned kernels at the same time ? (As of now 4.8.15)
Note that it also applies to stretch branch as working this way will result in insecure configurations for most users.
Thanks and rgds