You can solve this once and for all. Import the missing(invalid) public key into your public key ring, then update/upgrade again.
sudo apt-key adv --keyserver keyring.debian.org --recv-keys E852514F5DF312F6
###or gpg --keyserver keyring.debian.org --recv-key E852514F5DF312F6
sudo apt-get update
sudo apt-get upgrade
Or you can temporarily circumvent all package gpg checking while doing the update/upgrade
sudo apt-get --allow-unauthenticated update
sudo apt-get --allow-unauthenticated upgrade
I prefer the first approach, but sometimes if you feel overwhelmed with all these missing keys, the second approach is definitely more convenient at the risk of introducing malware, but if your repo is simply debian I would place a high-level of confidence there is no malware. The other convenience is that iirc there would be an updated developer keys package that updates the public keyring with the newer developer public keys on your behalf. Similar stuff like this occurs on Fedora as well.