Gah! I did a little bit more research and found out that the warning was not replicating on stretch hosts managed elsewhere. This led me to find that the warning was *not* caused by aptitude itself but rather by an option in apt.conf.d/ that was configured by our configuration management (e.g. it was configuring "APT::Get::force-yes true;"
I've removed this from the configuration that is being pushed by our configuration management and the warning is gone. So.... I'm really sorry for creating noise here and not having investigated a bit more! I thought that since I could replicate on more than one host it was a problem with the software but it was rather a configuration problem. This bug report can be closed (sorry don't know the magic email line that does this)
Description: OpenPGP digital signature